NAS vendor QNAP warns its customers about 'eCh0raix' ransomware


Posts: 2,821   +574
Staff member

A ransomware attack is any PC enthusiast's worst nightmare -- there's very little that's more terrifying than having all of your personal data locked behind an outrageous paywall. While vigilance, regular system back-ups, strong security software, and smart internet usage can mitigate (or outright block) the damage ransomware could cause, the risk is still there.

After the "WannaCry" scare that took place some time ago, the internet has been on high alert regarding any similar attacks. Unfortunately, earlier this month, yet another form of ransomware -- dubbed "eCh0raix" -- was revealed by Anomali, and its primary targets appear to be QNAP's network-attached storage device customers.

Shortly after eCh0raix was revealed, QNAP published a security advisory for its NAS customers, which warns them about the dangers this ransomware can pose, while also listing several "Recommendations" for as-of-yet unaffected users to follow to prevent infection.

These steps include updating QTS to the latest version, installing and updating Malware Remover, using a "Stronger" administrator password (it's unclear what they mean by this), enabling Network Access Protection, disabling SSH and Telnet, and avoiding the use of ports 443 and 8080. For anyone who has been hit by the eCh0raix ransomware, QNAP says it's "working on a solution" to remove the malware, and will release it at the "soonest possible time."

It's been roughly two weeks since the advisory was posted, and it doesn't appear to have been updated with any information regarding this solution, so it is likely still in development.

Permalink to story.



Posts: 775   +1,673
The #1 "advisory" anyone can give is a reminder that NAS's by themselves are "one tool in a toolbox", they are not a comprehensive full spectrum data security solution on their own. ie, no matter how many drives you have mirrored inside the NAS to protect vs single drive failure, be sure to have at least one external 3.5" drive that contains a backup of all data on the NAS you can't afford to lose. And then unplug it and put it somewhere safe away from the NAS. If your NAS then gets hacked, damaged, stolen or compromised by ransomware, you won't lose your data.
Weird that they don't list enabling 2FA in their recommended actions list... especially since one of the methods that eCh0raix is brute-forcing weak passwords.