Researchers found that the eCh0raix ransomware gang is targeting QNAP NAS (network-attached storage) devices, taking them over to gain administrator privileges.
Since December of 2021, QNAP and Synology network-attached storage customers have been reporting eCh0raix ransomware attacks. The ID Ransomware service also confirms the rapid increase in eCh0raix attacks. A small number of network-attached storage device users reported that the ransomware operation had encrypted their files, including photos and documents.
In the latest ransomware attacks, the eCh0raix threat group demanded ransoms ranging from $3,000 to $1,200. In cryptocurrency terms, this ransom is worth 0.06 to 0.024 bitcoins. Most users had no backup of their encrypted files, so they paid the ransom to recover and restore their data.
Researchers also believed that the operators of the eCh0raix ransomware had been preparing for this attack a week before Christmas last year.
The infection vector used by the eCh0raix threat actors is still unknown. However, some QNAP users stated that they had not properly secured their devices, whereas others blamed QNAP for an existing flaw in its Photo Station.
Researchers also explained that if the ransomware operators abused a vulnerability in QNAP’s Photo Station, they might have created a user in the administrator group, which enabled the actors to encrypt files on the network-attached storage system.
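The check below is an added example, not part of the original report: because the suspected path ends with a new account in the administrator group, it compares the accounts that currently hold admin rights against a known-good baseline. It assumes standard Unix-style passwd and group file formats and an admin group named `administrators`; the sample data and account names are constructed.

```python
# Added example: flag admin-level accounts that are not in a known-good baseline.
# Assumptions: Unix-style passwd/group text; admin group named "administrators".

def parse_group(group_text):
    """Return {group_name: (gid, set_of_listed_members)} from group-file text."""
    groups = {}
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if line.lstrip().startswith("#") or len(parts) < 4:
            continue  # skip comments, blank and malformed lines
        groups[parts[0]] = (parts[2], {m for m in parts[3].split(",") if m})
    return groups

def primary_members(passwd_text, gid):
    """Users whose primary GID is `gid`; they are not listed in the group file."""
    users = set()
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if not line.lstrip().startswith("#") and len(parts) >= 4 and parts[3] == gid:
            users.add(parts[0])
    return users

def unexpected_admins(group_text, passwd_text, baseline, admin_group="administrators"):
    """Return sorted admin-level accounts that are absent from the baseline."""
    groups = parse_group(group_text)
    if admin_group not in groups:
        raise ValueError(f"group {admin_group!r} not found")
    gid, listed = groups[admin_group]
    current = listed | primary_members(passwd_text, gid)
    return sorted(current - set(baseline))

# Constructed sample data: two accounts were added after the baseline was taken.
SAMPLE_GROUP = """\
administrators:x:0:admin,svc_backup2
everyone:x:100:admin,alice
"""
SAMPLE_PASSWD = """\
admin:x:0:0:administrator:/root:/bin/sh
alice:x:1000:100::/home/alice:/bin/sh
svc_backup2:x:1001:100::/home/svc:/bin/sh
helper:x:1002:0::/tmp:/bin/sh
"""
BASELINE = {"admin"}

if __name__ == "__main__":
    for user in unexpected_admins(SAMPLE_GROUP, SAMPLE_PASSWD, BASELINE):
        print(f"unexpected admin-level account: {user}")
```

The `helper` account shows why the passwd file is read as well: an account whose primary group is the admin group never appears in the group file's member list.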
The NAS device vendors have been informed of the ongoing ransomware attacks. Fortunately, a free decryptor is available that can restore data encrypted by an older version of eCh0raix ransomware. Still, there is no decryptor available for the latest versions of the variant.
eCh0raix ransomware campaigns started in the earlier weeks of June 2019 and have operated non-stop ever since the initial attack. In August of last year, QNAP advised its users of another batch of eCh0raix attacks targeting Synology and QNAP devices.
The eCh0raix ransomware is a threat, and QNAP users should stay alert, update their devices with the latest security patches, and change their devices’ default passwords.