It’s been a busy holiday season for the operators of eCh0raix ransomware, who have unleashed a torrent of attacks against QNAP NAS devices over the last week or so.
As reported by BleepingComputer, the surge in attacks against QNAP devices began on December 19, leading a number of users to take to online forums to discuss the issue.
Per the report, malware operators are able to create a user in the administrator group, allowing them to encrypt all the files on the NAS system. The initial infection vector is currently unknown.
In most cases, the attackers are encrypting pictures and documents, before leaving the ransom note in the .TXTT format. This could be a problem for some, BleepingComputer claims, as not all have the right programs to read these files.
As for the ransom demand, there is no word of an exact figure, but we do know that eCh0raix operators usually demand anywhere between .024 and .06 bitcoin ($1,200 – $3,000) for the decryption key.
A free decryptor is available online, but only for older versions of the ransomware. For the newer versions (1.0.5. and 1.0.6.), there is currently no free option to decrypt data following an infection.
To keep NAS devices secure and shield against future attacks, QNAP has prepared a series of recommendations and best practices, which can be found here.
- We’ve created a list of the best antivirus services around