A New Danger to Files on QNAP and Synology NAS

A newly discovered variant of the eCh0raix ransomware puts users of QNAP and Synology NAS devices at risk. This malware has hit these servers in several earlier waves, and the new variant again endangers devices by encrypting victims' files.

eCh0raix returns to attack QNAP and Synology NAS

QNAP and Synology are two of the most popular NAS brands. Hackers typically attack the most widely used systems and devices, because that gives them a greater chance of success. That is what they have achieved with the new variant of eCh0raix, which is capable of encrypting the files on NAS servers from both brands.

The eCh0raix ransomware, also known as QNAPCrypt, originally targeted QNAP NAS devices. It is not new: it first appeared in 2016, and there have been different waves in the following years. Years later, it also managed to attack Synology devices.

Now, however, we are facing a variant of this malware that is capable of attacking both brands. Until now it had attacked them separately, but a group of security researchers from Palo Alto Networks has released a report showing how it can put QNAP and Synology devices at risk at the same time.

This ability to attack both brands appeared a few months ago. Until then, according to Palo Alto Networks, the attackers had separate code bases for individual campaigns, whereas the code is now combined.

They exploit a known vulnerability

To attack victims' devices, the attackers exploit a known vulnerability tracked as CVE-2021-28799. This allows hackers to access encrypted or backdoor credentials, which gives them the ability to encrypt files on QNAP NAS servers.

In the case of Synology, the researchers indicate that the attackers use brute force to deliver the ransomware payload, guessing commonly used administrative credentials that users have not changed.

Both Synology and QNAP have recently issued notices to their users to properly protect data and prevent attacks from both this ransomware and other similar threats that can also put stored information at risk.

According to Palo Alto Networks' data, more than 250,000 QNAP and Synology devices are exposed on the network today. Cyber criminals can attack them to deliver ransomware like eCh0raix.

So what can we do to protect NAS devices and avoid such problems? The fundamental step is to always keep them updated. It is vital to run the latest versions, which helps avoid vulnerabilities that can be exploited.

In addition, it is advisable to change the password used to access the devices rather than keep the factory default. This greatly reduces the risk of brute force attacks that can ultimately be used to encrypt files.