Security News > 2021 > August > eCh0raix ransomware now targets both QNAP and Synology NAS devices

eCh0raix ransomware now targets both QNAP and Synology NAS devices
2021-08-10 12:10

A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage devices.

The ransomware hit QNAP NAS devices in multiple waves, with two large-scale ones were reported in June 2019 and in June 2020.

While it has targeted both QNAP and Synology devices in the past in separate campaigns, Palo Alto Networks' Unit 42 security researchers said in a report published today that eCh0raix began bundling functionality to encrypt both NAS families starting with September 2020.

The attackers brute-force their way in to deliver the ransomware payloads on Synology NAS devices by attempting to guess commonly used administrative credentials.

Details about updating QNAP NAS devices against CVE-2021-28799 can be found on the QNAP website.

"SOHO users are attractive to ransomware operators looking to attack bigger targets because attackers can potentially use SOHO NAS devices as a stepping stone in supply chain attacks on large enterprises that can generate huge ransoms."


News URL

https://www.bleepingcomputer.com/news/security/ech0raix-ransomware-now-targets-both-qnap-and-synology-nas-devices/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-05-13 CVE-2021-28799 Unspecified vulnerability in Qnap Hybrid Backup Sync
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync.
network
low complexity
qnap
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 80 4 97 122 76 299
Synology 55 5 101 99 38 243