QNAP NAS devices hit with surge of ransomware attacks

Lock on Laptop Screen
(Image credit: Future)
Audio player loading…

It’s been a busy holiday season for the operators of eCh0raix ransomware (opens in new tab), who have unleashed a torrent of attacks against QNAP NAS devices over the last week or so.

As reported by BleepingComputer, the surge in attacks against QNAP devices began on December 19, leading a number of users to take to online forums to discuss the issue.

Per the report, malware operators are able to create a user in the administrator group, allowing them to encrypt all the files on the NAS system. The initial infection vector is currently unknown.

Demanding bitcoin

In most cases, the attackers are encrypting pictures and documents, before leaving the ransom note in the .TXTT format. This could be a problem for some, BleepingComputer claims, as not all have the right programs to read these files. 

As for the ransom demand, there is no word of an exact figure, but we do know that eCh0raix operators usually demand anywhere between .024 and .06 bitcoin ($1,200 - $3,000) for the decryption key.

A free decryptor is available online, but only for older versions of the ransomware. For the newer versions (1.0.5. and 1.0.6.), there is currently no free option to decrypt data following an infection.

To keep NAS devices secure and shield against future attacks, QNAP has prepared a series of recommendations and best practices, which can be found here (opens in new tab).

Via BleepingComputer (opens in new tab)

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.