A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.
This ransomware strain (also known as QNAPCrypt) first surfaced in June 2016, after victims began reporting attacks in a BleepingComputer forum topic.
The ransomware hit QNAP NAS devices in multiple waves, with two large-scale ones were reported in June 2019 and in June 2020.
eCh0raix also encrypted devices made by Synology in 2019, with Anomali researchers finding that the attackers brute-forced administrator credentials using default credentials or dictionary attacks.
At the time, the NAS maker warned its customers to secure their data from an ongoing and large-scale ransomware campaign. However, it did not name the ransomware operation responsible for the attacks.