New eCh0raix Ransomware encrypts NAS devices

    A new Ransomware named ‘eCh0raix’ is reported to be infecting Network Attached Storage (NAS) Devices which are generally used to store backups and critical data. The said malware alleged to be targeting the NAS devices via brute forcing attacks where weak credentials are exploited by hackers to infiltrate into database networks.

    Currently, reports are in that the data encrypting malware is targeting QNAP owned systems, a company based in Taiwan.

    From the past 2 years, several security analysts have reported various vulnerabilities in QNAP NAS devices in recent times. Though the company tried to patch-up the susceptibilities from time to time, it did struggle to apply patches to various exploits in recent years.

    And this is where hackers are found to be taking the opportunity to spread the infection to various internet connected storage devices using Brute-force attacks. As these devices are used to store critical backups of data and some sensitive info, the severity on the threat scale is termed to be vast.

    “Anomali Threat detection team was the first to spot these vulnerabilities on QNAP NAS machines and the attacks seem to be continually giving an opportunity to threat actors to make financial gains”, says Joakim Kennedy, the Cyber Threat Intelligence Manager, Anomali- a Cybersecurity firm based in California, United States.

    Hackers are seen presenting a ransom demand note to the victim saying that their data has been locked and to decrypt it they need to go to a TOR Website to make the payment in Bitcoins.

    As they are several spelling errors in the ransom note, experts from Anomali suggest that the cyber crooks behind this malware spread are not native English speakers- pointing fingers to hacking groups hailing from nations belonging to the Asian continent.

    Ad
    Join over 500,000 cybersecurity professionals in our LinkedIn group "Information Security Community"!
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display