DeadBold- and eCh0raix ransomware attacks on QNAP NAS (June 2022)

Posted on 2022-06-21 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]QNAP system owners are currently under fire from two ransomware groups. Once, cases of infections with the eCh0raix ransomware were detected. This is where drives are encrypted. In addition, QNAP has recently published a security notice that warns against attacks of the DeadBold ransomware on outdated versions of QTS 4.x.

Advertising

DeadBold ransomware attacks

I became aware of DeadBolt ransomware attacks on QNAP NAS drives via Twitter a couple of days ago. QNAP has published the Security Advisory QSA-22-19 (DeadBolt Ransomware)  on June 17, 2022.

QNAP attacks via DeadBold Ransomware

According to this, QNAP has recently discovered a new DeadBolt ransomware campaign targeting the corresponding devices. According to the victims' reports so far, the campaign seems to target QNAP NAS devices with outdated versions of QTS 4.x. Currently, the cases are still under investigation by QNAP, so no further information is available. The vendor's recommendation is to update QTS or QuTS hero to the latest version immediately.

eCh0raix ransomware attacks

Karsten Hahn, malware analyst at G DATA has also pointed out attacks of the eCh0raix ransomware, in which QNAP devices are encrypted, via Twitter. He has come across corresponding samples.

 QNAP eCh0raix Ransomware attack

Advertising

The colleagues from Bleeping Computer have covered this attack within this article. Since a few days now, there have been increasing reports that QNAP devices have been encrypted by the eCh0raix ransomware (also known as QNAPCrypt). For example, on Bleeping Computer's forum, there is this post from a victim where all data on a QNAP TS-251+ server was encrypted on June 6, 2022. On June 17, 2022, there is another affected person in the same thread. The ransomware is not new, there have been warnings in the past (see the following links). 

Similar articles:
QNAP Security Advisory about eCh0raix Ransomware QNAP Sicherheitswarnung vor eCh0raix-Ransomware
QTS 5.0.0 security updates for QNAP NAS devices (June 8, 2022)
QNAP Update QTS 5.0.0.1932 build 20220129 closes SAMBA vulnerability CVE-2021-44142
QNAP: DeadBolt attacks via vulnerability patched in December 2021

Advertising
This entry was posted in devices, Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).