Skip to main content

NAS devices hit by ransomware attacks

(Image credit: Pixabay)

The eCh0raix ransomware, known for attacking QNAP network-attached storage (NAS) devices, is back with a bang.

According to a recent thread on the Bleeping Computer forum, as well as victims that spoke to ZDNet, the number of attacks has surged dramatically in the past few weeks.

The ransomware was relatively active last summer, but was pushed aside for two reasons. First, the main version was reverse-engineered quickly and victims received decryption keys without paying the ransom. Second, the emergence of other ransomware operators attacking the same devices - namely Muhstik and QSnatch - served to draw attention away from eCh0raix.

However, the eCh0raix operators have now developed new versions of the malware, now being used to attack owners of NAS devices.

After ZDNet reported on new critical vulnerabilities affecting QNAP devices, victims began to reach out, explaining they had fallen foul of an unknown strain of ransomware. Further investigation found a new version of the eCh0raix ransomware was responsible.

To mitigate against the threat, owners of QNAP NAS devices are advised to update their firmware and software immediately, including all apps and add-ons. Given the operators are known for using brute-force attacks to access devices and spread malware, QNAP device owners are also advised to use complex passwords to protect their systems.