eCh0raix returns to attack QNAP and Synology NAS
QNAP and Synology are two of the most popular brands in NAS devices. Hackers typically attack the systems and computers that are most used and thus have a greater chance of success. This is what they have achieved with the new variant of eCh0raix, which is capable of encrypting files from NAS servers of these brands.
In the beginning, the eCh0raix ransomware It was attacking QNAP NAS devices. This threat was also known as QNAPCrypt. It is not something new, as it first appeared in 2016 and there have been different waves during the following years. Years later it also managed to attack Synology computers.
However, now we are facing a variant of this malware that is capable of attacking both brands. Until now it had done it separately, but a group of security researchers from Palo Alto Networks has released a report showing how it is able to put QNAP and Synology at risk at the same time.
This new functionality to be able to attack both brands appeared a few months ago. Until then, as indicated by Palo Alto Networks, they had separate code bases for individual campaigns, while now it is grouped.
They exploit a known vulnerability
To successfully attack victims’ computers, attackers exploit a vulnerability known and registered as CVE-2021-28799. This allows hackers to access encrypted or backdoor credentials. In this way they have the power to encrypt files on QNAP NAS servers.
In the case of Synology, indicate that they use brute force to achieve delivery of the ransomware payload by guessing the administrative credentials that are generally used by users and that have not changed.
Both Synology and QNAP have recently issued notices to their users to properly protect data and prevent attacks from both this ransomware and other similar threats that can also put stored information at risk.
According to the data they handle from Palo Alto Networks, they are more than 250,000 devices from QNAP and Synology that are exposed on the network today. They can be attacked by cyber criminals to deliver ransomware like eCh0raix.
So what can we do to protect NAS devices and avoid such problems? Something fundamental is to always have them updated. It is vital to have the latest versions. This will help avoid vulnerabilities that can be exploited.
But in addition, it is also advisable to change the password to access the devices and avoid using the one that comes from the factory. This will greatly reduce the risk of brute force attacks that can be used to encrypt files.