Skip to main content

NAS devices hit by ransomware attacks

(Image credit: Pixabay)

The eCh0raix ransomware, known for attacking QNAP network-attached storage (NAS) devices, is back with a bang.

According to a recent thread on the Bleeping Computer forum (opens in new tab), as well as victims that spoke to ZDNet (opens in new tab), the number of attacks has surged dramatically in the past few weeks.

The ransomware was relatively active last summer, but was pushed aside for two reasons. First, the main version was reverse-engineered quickly and victims received decryption keys without paying the ransom. Second, the emergence of other ransomware operators attacking the same devices - namely Muhstik and QSnatch - served to draw attention away from eCh0raix.

However, the eCh0raix operators have now developed new versions of the malware, now being used to attack owners of NAS devices.

After ZDNet reported on new critical vulnerabilities affecting QNAP devices, victims began to reach out, explaining they had fallen foul of an unknown strain of ransomware. Further investigation found a new version of the eCh0raix ransomware was responsible.

To mitigate against the threat, owners of QNAP NAS devices are advised to update their firmware and software immediately, including all apps and add-ons. Given the operators are known for using brute-force attacks to access devices and spread malware, QNAP device owners are also advised to use complex passwords to protect their systems.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.