NAS servers have become very popular in recent years in both small and medium-sized businesses and home environments. These small servers allow us to set up a centralized storage system in which any user on the network can save their files and access them from any computer or device. Normally NAS are usually safe and have periodic updates to guarantee the security and integrity of user data, however, sometimes very serious threats appear, such as the new eCh0raix, which force us to act as soon as possible if we do not want to run more danger.
Since 2019 eCh0raix began to circulate on the network and whose objective is to infect NAS servers, specifically from the Taiwanese manufacturer QNAP, to encrypt all the files stored in it and request a ransom payment in exchange for the files. This ransomware is written in Go and relies on brute force to be able to connect remotely to vulnerable NAS servers and, in addition, it had a series of exploits to carry out targeted attacks.
Now QNAP arrives to warn customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices. This warning comes just two weeks after QNAP users were alerted to an ongoing AgeLocker ransomware outbreak.
QNAP urged customers to “act immediately” to protect their data from potential eCh0raix attacks by:
▸Use stronger passwords for your administrator accounts.
▸Enable IP access protection to protect accounts from brute force attacks.
▸Avoid using the default port numbers 443 and 8080.
While QNAP does not mention how many reports it received from users directly affected by the eCh0raix ransomware in recent weeks, BleepingComputer has seen an increase in reports of attacks on the highly active support topic eCh0raix and that is why it is essential to take security measures against this risk.
Related reads:
AgeLocker is a Malware that attacks QNAP NAS devices
Qlocker new ransomware that puts QNAP devices at risk
