11 Jul 2019

What You Need to Know About the New Ransomware Targeting NAS Devices and How to Stay Protected

Many businesses have trusted Network Attached Storage (NAS) devices to store critical data and back-ups; however, they often lack the security software needed for proper protection. Without proper security, the devices are left exposed and vulnerable, making them a clear target for cyberattacks.

A team of researchers at Anomali, a US based cybersecurity company, discovered a new ransomware that specifically targets QNAP NAS devices. Dubbed “eCh0raix” after a string found within the malware’s code, the ransomware compromises NAS devices by brute forcing weak credentials and exploiting known vulnerabilities in targeted attacks.

The ransomware written in Go programming language will first check to discover if the files are already encrypted before beginning the encryption process. After the initial stage, the ransomware begins to encrypt the targeted file extensions on the NAS device using AES encryption to lock the files with a .encrypt extension. A ransom note is then delivered to the organization which details the attack, directs users to a Tor website to make a ransom payment, and warns them not to tamper with the files. It remains unclear who the cyber criminals are; however, there are several typos in the ransom note that suggest the criminals behind the attacks are not native English speakers.

Stay Protected from Cyberattacks:

CompuData is a Leading Business Technology company that provides Cloud Hosting, ERP Solutions, IT Security, and Managed IT Services. We understand how crucial it is to ensure your NAS device is up to date with security patches to prevent attacks like these. Not only can CompuData prevent this type of attack from occurring, we are able to recover data should a breach ever occur.

Do you have security concerns? Trust CompuData to protect your business and valuable data. Click here for more information on how we can protect and secure your data.