"QNAP NAS Devices Hit in Surge of eCh0raix Ransomware Attacks"

QNAP network-attached storage (NAS) device users have been reporting eCh0raix (also known as QNAPCrypt) ransomware attacks on their systems. The threat actor behind the eCh0raix ransomware attacks appears to have amplified their activity a week before Christmas. The ID ransomware service confirmed the surge in eCh0raix ransomware attacks as submissions increased on December 19 and decreased towards December 26. The initial infection vector remains unclear as some users admitted that they inadequately secured the device, leaving it exposed to the Internet over an insecure connection. Others have claimed that QNAP's Photo Station contains a vulnerability that led to the execution of eCh0raix ransomware attacks. Regardless of the initial infection vector, the eCh0raix ransomware actor appears to create a user in the administrator group, thus allowing them to encrypt all files on the NAS system. Researchers have seen eCh0raix ransomware demands ranging from $1,200 to .$3,000 in bitcoins. There is a free decryptor for files locked with an older version (before July 17, 2019) of eCh0raix ransomware, but there is currently no free solution to decrypt data locked by the ransomware's latest variants (versions 1.0.5 and 1.0.6). This article continues to discuss the recent jump in eCh0raix ransomware attacks.

Bleeping Computer reports "QNAP NAS Devices Hit in Surge of eCh0raix Ransomware Attacks"