New Ransomware targets QNAP NAS Drives

A new form of ransomware called eCh0raixis is targeting QNAP NAS Drives, exploiting vulnerabilities in the device and brute-forcing passwords to encrypt the contents.

eCh0raix connects to a command-and-control server on the internet and then begins the encryption process, creating an AES-256 encryption key to lock the files with a .encrypt extension.

Users are then presented with a ransom note informing than that all their data has been locked and requesting a ransom payment in bitcoin.

To protect against this and similar threats, it is recommended that external access to drives is restricted so they can’t be accessed directly from the internet. It’s also recommended that security updates are applied and a strong password is utilised to protect systems from brute-force attacks.

It is also vital to have an off-line back-up, for example on an external hard disk kept off-site or in an on-premises fire-proof safe, as a last line of defense from this type of attack. Once ransomware or similar malware is on your system, it will make every attempt to encrypt or destroy every copy of your data that it can, including any on-line back-ups like attached hard disks or cloud storage systems. Cloud storage providers like SharePoint do try to protect your data by preventing large-scale deletion or changing of your data, but you must have an off-line copy to fall back on in case of disaster.

If you do not have a robust back-up system and a disaster recovery recovery plan, call us on 01293 446677 for free advice, or fill in the enquiry form at the bottom of this page for a quick response.