Researchers have discovered a new eCh0raix ransomware variant that targets QNAP and Synology network-attached storage (NAS) devices.
According to Palo Alto Networks Unit 42 researchers, attackers have also exploited a critical QNAP vulnerability, CVE-2021-28799, to deliver the new eCh0raix ransomware variant to QNAP devices.
Earlier this year, eCh0raix (and Qlocker) successfully targeted and infected QNAP NAS devices hosted by some of QNAP's customers. As a result, the ransomware was able to encrypt data and demand ransoms to restore the information.
However, Unit 42 said this is the first time it has observed an eCh0raix variant targeting both QNAP and Synology devices. The researchers further warned that ransomware developers “are continuing to invest in optimizing the tools used to target devices common in the small office and home office (SOHO).”
“We’re regularly seeing attacks with the eCh0raix ransomware variant, which has been active in the wild for nearly a year,” the Unit 42 researchers wrote in a blog post.
Nearly 250,000 QNAP and Synology NAS devices are exposed to the public internet, according to data from the Cortex Xpanse platform.
As a result, attackers can use SOHO NAS devices as a “stepping stone” to launch more targeted supply chain attacks against larger organizations and demand big ransoms.