The eCh0raix ransomware group has been found to be targeting QNAP Network-Attached Storage (NAS) devices. The group attempts to seize control of devices while acquiring admin privileges.
Users of QNAP and Synology NAS systems have been reporting eCh0raix ransomware attacks since December 20. The ID Ransomware service confirms that the number of attacks is on the rise.
A small number of NAS device owners have reported that the ransomware has encrypted their documents and pictures.
The eCh0raix ransomware has demanded a ransom ranging from 0.06 bitcoins ($3,000) to 0.024 bitcoins ($1,200) in recent attacks. Because a few users had no backups, they were forced to pay the ransom to have their files restored.
According to reports, the attackers have been planning this campaign since at least the week before Christmas.
It is not yet known which infection vector was used to spread the ransomware. Some customers, however, acknowledged not adequately securing their devices, while others cited a flaw in QNAP’s Photo Station.
The ransomware operators appear to have created a user in the administrator group, which allowed them to encrypt files on the NAS system.
The vendors of NAS devices have been issued a warning about the current ransomware attacks.
A free decryptor is available that can unlock data encrypted by an older version (before July 17, 2019) of the eCh0raix ransomware. The latest variants, 1.0.5 and 1.0.6, do not have a decryptor.
eCh0raix attacks started in June 2019 and haven’t stopped since. In August of this year, QNAP alerted users to a new wave of eCh0raix attacks that targeted both QNAP and Synology devices.
The eCh0raix ransomware is a potential threat, and users should be cautious. Users should install the latest security updates and change their default passwords.