QNAP Security Advisory about eCh0raix Ransomware

[German]NAS manufacturer QNAP has now issued a security warning because its devices are under attack by the eCh0raix ransomware.


Advertising

The eCh0raix ransomware

It's a never-ending story. Almost exactly a year ago, in the article Ransomware addressing QNAP-/Synology NAS systems, I warned about a ransomware called eChoraix. The malware uses brute force attacks on the web interfaces of these devices to compromise installations possibly secured with weak passwords. If successful, all files on the NAS will be encrypted and the ransomware will store a note where the user can pay.

On June 8, 2020 I had a section in the German blog post Sicherheitsinformationen (8. Juni 2020), that the cyber criminals from the eCh0raix ransomware gang are running a new campaign against QNAP NAS devices. Bleeping Computer has picked it up in this post and on ZDNet you can find this post

QNAP pushed an advisory about eCh0raix ransomware

The following tweet tells me that QNAP has now responded and released a security warning about the eCh0raix ransomware.

As of June 8, 2020, QSA-20-02 confirms that attacks with the eCh0raix ransomware (MR1904) are taking place, which mainly exploit older vulnerabilities. The following QNAS devices from the QTS and Photo Station series are likely to be affected by the attacks.


Advertising

QTS:

  • QTS 4.4.1: build 20190918 and later
  • QTS 4.3.6: build 20190919 and later

Photo Station:

  • QTS 4.4.1: Photo Station 6.0.3 and later
  • QTS 4.3.4 – QTS 4.4.0: Photo Station 5.7.10 and later
  • QTS 4.3.0 – QTS 4.3.3: Photo Station 5.4.9 and later
  • QTS 4.2.6: Photo Station 5.2.11 and later

To secure a QNAP device and protect its data from ransomware attacks and unauthorized use, the manufacturer strongly recommends that you update QTS and Photo Station to the latest firmware versions. For more details, please refer to this article.


Advertising

This entry was posted in devices, Security and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).