Last updated on July 28th, 2022 at 12:28 am

Campaigns that distribute eCh0raix ransomware have been found to target QNAP NAS devices using weak passwords or outdated QTS firmware.

It is known that eCh0raix ransomware, which targeted QNAP NAS devices in the last attacks, was used in attacks targeting Synology NAS devices in 2021. QNAP officials have not yet made a detailed statement regarding the ech0raix campaigns. However, it is predicted that the number of users affected by the campaigns will be higher than the announced number.

Mitigations

It is recommended to prevent potential eCh0raix ransomware infection;

Using passwords created by applying strong policies in administrator accounts,
Enabling IP Access Protection to protect accounts from Brute-Force attacks,
Avoiding the use of default ports 443 and 8080,
Using the QTS firmware in the most up-to-date versions with vulnerabilities,
Updating all installed applications to the latest versions,
Using comprehensive security solutions,
Preventing the detected IoC findings related to the malware in question from the security solutions in use.

eCh0raix ransomware echoraix QNAP NAS ransomware campaign

Vulnerable QNAP NAS Devices Are Targeted in eCh0raix Ransomware Campaigns

Mitigations

MOVEit Transfer Software Exploited Through Critical Zero-Day Vulnerability

“Triangulation Trojan” Launches Sophisticated Attack on Apple Devices

Perspective of the Month | APT Groups

BellaCiao: The New Malware From Iran’s Charming Kitten

We know what hackers know about you

Solutions

Use Case

Partners

Company