According to BleepingComputer, eCh0raix, the recently discovered ransomware variant, is now encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.

In June 2016 when the ransomware variant, also known as QNAPCrypt, first appeared, the BleepingComputer forum topic began receiving reports of the ransomware attacks from numerous victims.

In 2019, researchers discovered that the eCh0raix attackers used default credentials or dictionary attacks to brute-force administrator credentials and encrypted the Synology devices. Customers were warned by the NAS developer to keep their data secured from large-scale ransomware attacks.

 In past ransomware attacks, eCh0raix targeted both QNAP and Synology devices separately. However, according to security researchers, in September 2020, eCh0raix started encrypting both NAS families by combining functionality.

The attackers exploited CVE-2021-28799 (a vulnerability that allowed attackers access to hard-coded credentials, or a backdoor account) to encrypt QNAP devices.

By guessing commonly used administrative credentials, eCh0raix threat actors brute-forced their way into the Synology NAS devices to deliver the ransomware payloads.

With new ransomware variants obtaining the functionality to target multiple devices like the QNAP and Synology NAS at the same time, staying current with new threats is more crucial in protecting company’s network or devices. With SpearTip’s 24/7 Security Operations Center as a Service, our certified engineers are constantly monitoring your network or storage devices for potential ransomware threats.

With our engineer’s intelligence combined with the ShadowSpear platform, our efficient endpoint detection and response tool, you have a dedicated team that will detect threats early and block ransomware threats in their tracks.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.