Extortionate software ech0raix attacks QNAP network drives again


Judging by user reports and samples of files uploaded to the ID Ransomware platform, this week the extortionate software ech0raix started attacking vulnerable NAS QNAP network drives again.

The ech0raix ransomware (also called QNAPCrypt) has been periodically attacking QNAP devices since the summer of 2019. Since then, information security experts have recorded several malicious campaigns, in particular, in May and June 2020. A large wave of attacks hit network drives also in mid-December 2021 and lasted until February 2022.

Now, it seems, another wave of attacks on NAS QNAP has begun. The very first message about the attacks appeared on June 8. Although ech0raix can also attack Synology network drives, so far only QNAP users complain about attacks, BleepingComputer writes.

QNAP has not yet reported any details about the attacks, and the vector of infection remains unknown. In previous campaigns, the ransomware compromised devices by bruteforce and exploiting known vulnerabilities in network storage (CVE-2018-19943, CVE-2018-19949 and CVE-2018-19953).

In order to protect devices from attacks, users are advised to use strong passwords for administrator accounts, enable IP access protection and avoid using default ports 443 and 8080.

Start a discussion …