Campaigns that distribute eCh0raix ransomware have been found to target QNAP NAS devices using weak passwords or outdated QTS firmware.

It is known that eCh0raix ransomware, which targeted QNAP NAS devices in the last attacks, was used in attacks targeting Synology NAS devices in 2021. QNAP officials have not yet made a detailed statement regarding the ech0raix campaigns. However, it is predicted that the number of users affected by the campaigns will be higher than the announced number.

Mitigations

It is recommended to prevent potential eCh0raix ransomware infection;

Using passwords created by applying strong policies in administrator accounts,
Enabling IP Access Protection to protect accounts from Brute-Force attacks,
Avoiding the use of default ports 443 and 8080,
Using the QTS firmware in the most up-to-date versions with vulnerabilities,
Updating all installed applications to the latest versions,
Using comprehensive security solutions,
Preventing the detected IoC findings related to the malware in question from the security solutions in use.

eCh0raix ransomware echoraix QNAP NAS ransomware campaign

Vulnerable QNAP NAS Devices Are Targeted in eCh0raix Ransomware Campaigns

Vulnerable QNAP NAS Devices Are Targeted in eCh0raix Ransomware Campaigns

Mitigations

European Focused Threat Actors – Who Actively Continue Their Strategies

Critical 0-Day Alarm in Microsoft Exchange Server

European Focused Threat Actors – APT Groups

Multiple Vulnerabilities Detected in Solarwinds Orion

Security News – Week 39

Zebrocy Malware Technical Analysis Report

Related Posts

Critical 0-Day Alarm in Microsoft Exchange Server

Multiple Vulnerabilities Detected in Solarwinds Orion

Critical RCE Alarm in Sophos Firewall Solutions

AffectMe: The Critical Vulnerability in Oracle Cloud Infrastructure

We know what hackers know about you

Solutions

Use Case

Partners

Company