When you experience a breach, time is crucial. Our 24/7 Security Operations Center responds immediately with precision to eliminate the threat and restore operations.
ShadowSpear® is an unparalleled resource that defends your organizations against advanced cyber threats and attacks 24/7/365.
Your organization has cybersecurity weaknesses and vulnerabilities you don’t yet even know about. They need to be found and found immediately. If you don’t someone else will.
According to BleepingComputer, eCh0raix, the recently discovered ransomware variant, is now encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.
In June 2016 when the ransomware variant, also known as QNAPCrypt, first appeared, the BleepingComputer forum topic began receiving reports of the ransomware attacks from numerous victims.
In 2019, researchers discovered that the eCh0raix attackers used default credentials or dictionary attacks to brute-force administrator credentials and encrypt the Synology devices. Customers were warned by the NAS developer to keep their data secured from large-scale ransomware attacks.
In past ransomware attacks, eCh0raix targeted both QNAP and Synology devices separately. However, according to security researchers, in September 2020, eCh0raix started encrypting both NAS families by combining functionality.
The attackers exploited CVE-2021-28799 (a vulnerability that allowed attackers access to hard-coded credentials, or a backdoor account) to encrypt QNAP devices.
By guessing commonly used administrative credentials, eCh0raix threat actors brute-forced their way into the Synology NAS devices to deliver the ransomware payloads.
With new ransomware variants obtaining the functionality to target multiple devices like the QNAP and Synology NAS at the same time, staying current with new threats is crucial in protecting the company’s network or devices. With SpearTip’s 24/7 Security Operations Center as a Service, our certified engineers are constantly monitoring your network or storage devices for potential ransomware threats.
With our engineer’s intelligence combined with the ShadowSpear platform, our efficient endpoint detection and response tool, you have a dedicated team that will detect threats early and block ransomware threats in their tracks.
If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.
Identify, neutralize, and counter cyberattacks - provide confidence in your security posture
24/7 Breach Response: US/CAN: 833.997.7327
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.