Level 66
Content Creator
Malware Hunter
A new ransomware strain written in Go and dubbed eCh0raix by the Anomali Threat Research Team is being used in the wild to infect and encrypt documents on consumer and enterprise QNAP Network Attached Storage (NAS) devices used for backups and file storage.

"The devices appear to be compromised by brute forcing weak credentials and exploiting known vulnerabilities in targeted attacks," according to Anomali researchers, with victims originally reporting in BleepingComputer forum thread that they use the following QNAP NAS devices: QNAP TS-251, QNAP TS-451, QNAP TS-459 Pro II, and QNAP TS 253B.

QNAP Systems, the manufacturer of QNAP NAS devices, provides a list of steps that could allow rannsomware victims to recover their data if the QNAP block-based snapshot feature as described HERE.

The eCh0raix ransomware, named after a string found within the malware's source code, is used in targeted attacks according to Anomali's research team with the samples using a "hardcoded public key appear to be compiled for the target with a unique key for each target."
Last edited: