{"id":24976,"date":"2022-06-21T12:24:05","date_gmt":"2022-06-21T10:24:05","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24976"},"modified":"2022-06-21T12:24:05","modified_gmt":"2022-06-21T10:24:05","slug":"deadbold-and-ech0raix-ransomware-attacks-on-qnap-nas-june-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/06\/21\/deadbold-and-ech0raix-ransomware-attacks-on-qnap-nas-june-2022\/","title":{"rendered":"DeadBolt and eCh0raix ransomware attacks on QNAP NAS (June 2022)"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Security (Pexels, general use)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/06\/20\/zwei-gruppen-greifen-qnap-systeme-mit-deadbold-und-ech0raix-ransomware-an-juni-2022\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]QNAP system owners are currently under fire from two ransomware groups. First, infections with the eCh0raix ransomware, which encrypts drives, have been detected. In addition, QNAP has recently published a security notice warning of DeadBolt ransomware attacks on outdated versions of QTS 4.x.<\/p>\n<h2>DeadBolt ransomware attacks<\/h2>\n<p>I became aware of DeadBolt ransomware attacks on QNAP NAS drives via <a href=\"https:\/\/twitter.com\/Dinosn\/status\/1538018807888740358\" rel=\"noopener\" target=\"_blank\">Twitter<\/a> a couple of days ago. 
QNAP published the Security Advisory <a href=\"https:\/\/www.qnap.com\/en\/security-advisory\/QSA-22-19\" rel=\"noopener\" target=\"_blank\">QSA-22-19 (DeadBolt Ransomware)<\/a> on June 17, 2022.<\/p>\n<p><a href=\"https:\/\/twitter.com\/Dinosn\/status\/1538018807888740358\" rel=\"noopener\" target=\"_blank\"><img decoding=\"async\" title=\"QNAP attacks via DeadBolt Ransomware\" alt=\"QNAP attacks via DeadBolt Ransomware\" src=\"https:\/\/i.imgur.com\/bjeGM9i.png\"><\/a><\/p>\n<p>According to the advisory, QNAP has recently discovered a new DeadBolt ransomware campaign targeting its NAS devices. According to the victims' reports so far, the campaign seems to target QNAP NAS devices with outdated versions of QTS 4.x. The cases are still under investigation by QNAP, so no further information is currently available. The vendor's recommendation is to update QTS or QuTS hero to the latest version immediately.<\/p>\n<h2>eCh0raix ransomware attacks<\/h2>\n<p>Karsten Hahn, malware analyst at G DATA, has also drawn attention on <a href=\"https:\/\/twitter.com\/struppigel\/status\/1537694659815915522\" rel=\"noopener\" target=\"_blank\">Twitter<\/a> to eCh0raix ransomware attacks in which QNAP devices are encrypted. He has come across corresponding samples.<\/p>\n<p><a href=\"https:\/\/twitter.com\/struppigel\/status\/1537694659815915522\" rel=\"noopener\" target=\"_blank\"><img decoding=\"async\" title=\"QNAP eCh0raix Ransomware attack\" alt=\"QNAP eCh0raix Ransomware attack\" src=\"https:\/\/i.imgur.com\/igXJjzJ.png\"><\/a><\/p>\n<p>The colleagues from Bleeping Computer have covered this attack in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-nas-devices-targeted-by-surge-of-ech0raix-ransomware-attacks\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>. For a few days now, there have been increasing reports that QNAP devices have been encrypted by the eCh0raix ransomware (also known as QNAPCrypt). 
For example, on Bleeping Computer's forum, there is <a href=\"https:\/\/www.bleepingcomputer.com\/forums\/t\/617854\/ech0raix-ransomware-qnapcryptsynology-nas-encrypt-support-topic\/page-74#entry5370647\" target=\"_blank\" rel=\"noopener\">this post<\/a> from a victim where all data on a QNAP TS-251+ server was encrypted on June 6, 2022. On June 17, 2022, another affected person reported in the <a href=\"https:\/\/www.bleepingcomputer.com\/forums\/t\/617854\/ech0raix-ransomware-qnapcryptsynology-nas-encrypt-support-topic\/page-74#entry5373363\" target=\"_blank\" rel=\"noopener\">same thread<\/a>. The ransomware is not new; there have been warnings in the past (see the following links).<\/p>\n<p><strong>Similar articles: <\/strong><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/06\/12\/qnap-sicherheitswarnung-vor-ech0raix-ransomware\/\">QNAP Security Advisory about eCh0raix Ransomware<\/a> <a href=\"https:\/\/www.borncity.com\/blog\/2020\/06\/12\/qnap-sicherheitswarnung-vor-ech0raix-ransomware\/\">QNAP Sicherheitswarnung vor eCh0raix-Ransomware<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2022\/06\/11\/qts-5-sicherheitsupdates-fr-qnap-nas-gerte-8-juni-2022\/\">QTS 5.0.0 security updates for QNAP NAS devices (June 8, 2022)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2022\/02\/11\/qnap-update-qts-5-0-0-1932-build-20220129-schliet-samba-schwachstelle-cve-2021-44142\/\">QNAP Update QTS 5.0.0.1932 build 20220129 closes SAMBA vulnerability CVE-2021-44142<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2022\/02\/01\/qnap-deadbolt-angriffe-ber-eine-im-dezember-2021-gepatchte-schwachstelle\/\">QNAP: DeadBolt attacks via vulnerability patched in December 2021<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]QNAP system owners are currently under fire from two ransomware groups. First, infections with the eCh0raix ransomware, which encrypts drives, have been detected. 
In addition, QNAP has recently published a security notice that warns against attacks &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/06\/21\/deadbold-and-ech0raix-ransomware-attacks-on-qnap-nas-june-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580],"tags":[642,69],"class_list":["post-24976","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","tag-devices","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24976"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24976\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}