Security News > 2021 > August > eCh0raix ransomware now targets both QNAP and Synology NAS devices
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage devices.
The ransomware hit QNAP NAS devices in multiple waves, with two large-scale ones were reported in June 2019 and in June 2020.
While it has targeted both QNAP and Synology devices in the past in separate campaigns, Palo Alto Networks' Unit 42 security researchers said in a report published today that eCh0raix began bundling functionality to encrypt both NAS families starting with September 2020.
The attackers brute-force their way in to deliver the ransomware payloads on Synology NAS devices by attempting to guess commonly used administrative credentials.
Details about updating QNAP NAS devices against CVE-2021-28799 can be found on the QNAP website.
"SOHO users are attractive to ransomware operators looking to attack bigger targets because attackers can potentially use SOHO NAS devices as a stepping stone in supply chain attacks on large enterprises that can generate huge ransoms."
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-28799 | Unspecified vulnerability in Qnap Hybrid Backup Sync An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. | 9.8 |