Vulnerable QNAP NAS Devices Are Targeted in eCh0raix Ransomware Campaigns

Campaigns that distribute eCh0raix ransomware have been found to target QNAP NAS devices using weak passwords or outdated QTS firmware.

It is known that eCh0raix ransomware, which targeted QNAP NAS devices in the last attacks, was used in attacks targeting Synology NAS devices in 2021. QNAP officials have not yet made a detailed statement regarding the ech0raix campaigns. However, it is predicted that the number of users affected by the campaigns will be higher than the announced number.

Mitigations

It is recommended to prevent potential eCh0raix ransomware infection;

• Using passwords created by applying strong policies in administrator accounts,
• Enabling IP Access Protection to protect accounts from Brute-Force attacks,
• Avoiding the use of default ports 443 and 8080,
• Using the QTS firmware in the most up-to-date versions with vulnerabilities,
• Updating all installed applications to the latest versions,
• Using comprehensive security solutions,
• Preventing the detected IoC findings related to the malware in question from the security solutions in use.