eCh0raix ransomware now targets both QNAP and Synology NAS devices


A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.

This ransomware strain (also known as QNAPCrypt) first surfaced in June 2016, after victims began reporting attacks in a BleepingComputer forum topic.

The ransomware hit QNAP NAS devices in multiple waves, with two large-scale ones were reported in June 2019 and in June 2020

eCh0raix also encrypted devices made by Synology in 2019, with Anomali researchers finding that the attackers brute-forced administrator credentials using default credentials or dictionary attacks.

At the time, the NAS maker warned its customers to secure their data from an ongoing and large-scale ransomware campaign. However, it did not name the ransomware operation responsible for the attacks.

Read more…