Heimdal
article featured image

Contents:

QNAP, the leading computing, networking, and storage solution innovator, recently warned its users about an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices.

eCh0raix QNAP nas logo heimdal security

Image Source: QNAP

The company urges its users to immediately increase their devices’ security to avoid infection, by using stronger passwords for their administrative accounts, enabling IP Access Protection to protect accounts from brute force attacks, and avoid using default port numbers 443 and 8080.

While former attacks exploited software vulnerabilities on unpatched devices, the current campaign exploits human behavior. The Taiwan-based vendor claimed that it has received reports of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords.

The eCh0raix ransomware has been reported to affect QNAP NAS devices. Devices using weak passwords may be susceptible to attack.
We strongly recommend users act immediately to protect their data.

Source

After guessing the right credentials, hackers get full access to the targeted device, allowing them to exfiltrate sensitive documents or deploy malware.

The eCh0raix ransomware, also known as QNAPCrypt, is a family of ransomware that targets and spreads across physical network appliances like NAS Synology or QNAP that are meant to ensure high-quality Internet connections. The devices were compromised by exploiting known vulnerabilities in an attempt to encrypt the files found on the system.

First identified in July 2019, the eCh0raix ransomware has since been tracked by a Russian cybercriminal group called FullOfDeep. eCh0raix uses the ransomware-as-a-service (RaaS) model. This means that affiliates can initiate ransomware attacks themselves and refund a portion of each victim’s payments to stock creators and managers, promoting tools in underground forums.

QNAP also provided users with the necessary safety measures by which they can disable Roon Server on their NAS:

  • Log on to QTS as administrator – Open the app Center and then click.
  • Type “Roon Server” in the search box and press ENTER. Roon Server appears in the search results.
  • Click the arrow below the Roon Server icon.
  • Select Stop. The application is disabled.
Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Unfortunately, this is not the first time that QNAP has been on cybercriminals’ target list. Back in March, 360 Netlab researchers discovered that unpatched QNAP NAS Devices were targeted by UnityMiner in a massive cryptocurrency mining campaign.

A month later, a Qlocker ransomware campaign targeted QNAP devices around the world, storing users’ files in password-protected 7zip archives. The threat actors behind the attacks made $260,000 in just five days by remotely encrypting data using the 7zip archive program.

NAS devices have actually been targeted since August 2019, with warnings of infections regarding QSnatch malware, Muhstik Ransomware infections, the eCh0raix Ransomware campaign, and AgeLocker Ransomware attacks.

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

linkedin icon

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE