ITPro Today reported: "The eCh0raix ransomware uses a brute-force credential attack to gain access to data stored in QNAP NAS devices.
The ransomware, dubbed eCh0raix by Anomali, the threat detection vendor that discovered it, targets QNAP network-attached storage devices. It scans the internet for publicly accessible QNAP devices and tries to break in via a brute-force credential attack, bypassing weak login credentials.
According to Anomali, eCh0raix encrypts specifically targeted file extensions on the NAS using AES encryption and appends an “.encrypt” extension to the encrypted files. The ransom note directs victims to pay a ransom in bitcoin via a website accessible with a Tor browser.
“This is the first I’ve heard of a hacker targeting a specific hardware type; typically, they target users and then get in through the user space rather than targeting specific back-end devices,” said Scott Sinclair, a senior analyst covering storage and data protection for ESG.
At the same time, it makes sense, he said, because NAS devices often hold valuable data.
“But NAS devices are designed to hold data storage, file storage, which tends to be very valuable,” Sinclair said. “It does seem fairly unusual, but they are going to try whatever means they can, and if they have identified it from what I understand is it has found specific exploits in these types of devices … these types of devices house business data, so they are using that to their advantage to go after and prevent access and ransom that off.”
In addition, NAS devices are less likely to have commercial antivirus products running on them, which are often found on endpoints. QNAP NAS devices are a logical target, Sinclair said, since they are often found in smaller environments, such as small businesses or branch office environments. These users tend to use older storage devices longer than they should or fail to keep patches updated because the systems seem to work fine."
The article continues with some mitigation actions to protect NAS devices against ransomware attacks. ITPro has the story: https://www.itprotoday.com/nassan/new-ransomware-targets-nas-devices