As reported by BleepingComputer, the surge in attacks against QNAP devices began on December 19, leading a number of users to take to online forums to discuss the issue.
Per the report, malware operators are able to create a user in the administrator group, allowing them to encrypt all the files on the NAS system. The initial infection vector is currently unknown.
In most cases, the attackers are encrypting pictures and documents before leaving the ransom note in the .TXTT format. This could be a problem for some, BleepingComputer claims, as not all users have the right programs to read these files.
As for the ransom demand, there is no word of an exact figure, but we do know that eCh0raix operators usually demand anywhere between .024 and .06 bitcoin ($1,200 - $3,000) for the decryption key.
A free decryptor is available online, but only for older versions of the ransomware. For the newer versions (1.0.5. and 1.0.6.), there is currently no free option to decrypt data following an infection.
To keep NAS devices secure and shield against future attacks, QNAP has prepared a series of recommendations and best practices.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.