An Increased Wave of eCh0raix Ransomware Attacks Hits QNAP NAS Devices

A jump in the number of eCh0raix ransomware attacks on the systems of QNAP NAS devices has been reported by users. The ransomware is also known under the name of QNAPCrypt.

It seems that the cybercriminals behind eCh0raix started to increase their activity a week before the Christmas holidays. They are targeting devices with admin privileges to take control over them.

The Number of eCh0raix Cyberattacks Hitting QNAP NAS Devices on the Rise

According to BleepingComputer, users of the publication’s forums who manage QNAP and Synology NAS systems have started to report more eCh0raix attacks around the 20th of December.

The ID ransomware service also confirms the increased number of cyberattacks between December 19 and December 26.

Some users say that they did not keep their devices properly secured, others are of the opinion that the QNAP’s Photo Station’s vulnerability permitted the attacks on NAS devices to intensify. However, currently, the initial infection vector is not clear.

How the eCh0raix Attack Unfolds

As per the same publication mentioned above, the threat actors behind eCh0raix ransomware manage to perform file encryption on the NAS systems by means of a user they create in the admin group. QNAP users say that pictures

Read More: https://heimdalsecurity.com/blog/more-ech0raix-ransomware-attacks-hit-qnap-nas-devices/