QNAP has issued a security advisory for eCh0raix ransomware
QNAP NAS owners have to take precautions against eCh0raix ransomware. Update your QTS firmware and use a stronger admin password now!
By Wong Chung Wee
The eCh0raix ransomware was revealed earlier in July this year and its main targets happen to be QNAP NAS device owners. QNAP has since put out a security advisory for its NAS product owners.
The advisory recommends steps to avoid possible infection by the ransomware. For infected NAS products, the company is still working on a solution for its removal.
The security advisory strongly recommends the following steps to prevent eCh0raix infection.
- Update QTS to the latest version.
- Install and update Malware Remover to the latest version.
- Use a stronger admin password.
- Enable Network Access Protection to protect accounts from brute force attacks.
- Disable SSH and Telnet services if you are not using them.
- Avoid using default port numbers 443 and 8080.
The eCh0raix ransomware was revealed by Anomali Labs, and this malware uses brute force to gain access to QNAP NAS devices. It then encrypts targeted file extensions on the infected device using AES encryption. A ransom note is then created to ask the owner for a Bitcoin payment in order to restore the encrypted files to their original state.
According to the researchers, the ransomware will dial back to a proxy server that connects to the Tor network to hide the digital trail of the perpetrators. The encryption routine of the malware makes use of a mathematical library to generate a random string to create the AES-256 key, so the researchers feel that, by examining the math package of the library, it's highly possible to write a decryptor that will restore the encrypted files that are held for ransom. Do visit Anomali Labs' site for a detailed description of eCh0raix ransomware.
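The researchers' reasoning above, as an added example (not code from Anomali Labs, QNAP or the malware): a key string drawn from a seeded, non-cryptographic generator can be regenerated by walking the seed space and checking each candidate against a known file header, while a key from the operating system's CSPRNG cannot. Assumptions: the seed is a timestamp-like integer inside a known window, the character set is constructed, Python's `random` stands in for the "mathematical library", and a SHA-256 keystream XOR stands in for AES-256 because the Python standard library has no AES.

```python
import hashlib
import random
import secrets
import string

# Constructed character set; the page does not give the malware's real one.
ALPHABET = string.ascii_letters + string.digits

def prng_key(seed: int, length: int = 32) -> bytes:
    """32-character key string from a seeded, non-cryptographic PRNG."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length)).encode()

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES-256: XOR with a SHA-256 counter keystream (symmetric)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def recover_key(ciphertext: bytes, known_prefix: bytes, first_seed: int, last_seed: int):
    """Try every seed in the window; return (seed, key) if one decrypts the known header."""
    head = ciphertext[:len(known_prefix)]
    for seed in range(first_seed, last_seed + 1):
        key = prng_key(seed)
        if toy_cipher(key, head) == known_prefix:
            return seed, key
    return None

# Constructed scenario: a PDF encrypted at an unknown second within a known hour.
PDF_MAGIC = b"%PDF-1.7\n"
WINDOW_START = 1563000000              # constructed Unix timestamp
SECRET_SEED = WINDOW_START + 1234      # value the defender does not know
PLAINTEXT = PDF_MAGIC + b"constructed file body"

def demo():
    weak_ct = toy_cipher(prng_key(SECRET_SEED), PLAINTEXT)
    found = recover_key(weak_ct, PDF_MAGIC, WINDOW_START, WINDOW_START + 3600)
    # Same search against a key from the OS CSPRNG: no seed reproduces it.
    strong_ct = toy_cipher(secrets.token_bytes(32), PLAINTEXT)
    missed = recover_key(strong_ct, PDF_MAGIC, WINDOW_START, WINDOW_START + 3600)
    return found, missed

if __name__ == "__main__":
    print(demo())
```

The search space here is 3,601 seeds rather than 2^256 keys, which is why the choice of random number generator, not the strength of AES, decides whether recovery is feasible.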
For more details, read the QNAP security advisory NAS-201907-11 for eCh0raix ransomware infection prevention.
Source: QNAP, Anomali Labs