ITPro Today has reported that Anomali, a threat detection vendor, has discovered a ransomware that targets QNAP network-attached storage devices via a brute-force credential attack that bypasses weak log in credentials. The ransomware, called eCh0raix, scans the internet for publicly accessible QNAP devices. It then encrypts specifically targeted file extensions on the NAS using AES encryption, appends an “.encrypt” extension to the encrypted files, and then serves up a ransom note that demands bitcoin payment.
“This is the first I’ve heard of a hacker targeting a specific hardware type;” says Scott Sinclair, a senior analyst for ESG. “Typically, they target users and then get in through the user space rather than targeting specific back-end devices. But NAS devices are designed to hold data storage, file storage, which tends to be very valuable. ” NAS devices are also less likely to have commercial antivirus protection, are used by smaller businesses or branch offices, and are less likely to have up-to-date security in place.
Read the full story, including mitigation actions, on ITPro at: