QNAP Network Attached Storage (NAS) devices yet again becomes a viable victim amid the surge of ech0raix aka QNAPCrypt ransomware according to the emerging...

Continue reading
According to user reports and sample uploads on the ID Ransomware site, the Ech0raix ransomware has resurfaced and is now targeting vulnerable QNAP Network Attached Storage (NAS) devices.
Beginning in the summer of 2019, ech0raix alias QNAPCrypt launched many large-scale attacks against QNAP customers by brute-forcing their way into Internet-exposed NAS devices.
Since then, victims of this ransomware strain have discovered and reported numerous further campaigns, in June 2020, May 2020, and a large wave of attacks targeting devices with weak passwords that began in mid-December 2021 (just before Christmas) and gradually subsided by early February 2022.
A new round of ech0raix attacks has been validated by the rapidly rising number of ID Ransomware submissions and user reports of infection, the earliest of which was on June 8.
Although only a few dozen samples of ech0raix have been submitted, the actual number of successful attacks is likely to be larger, as only a subset of victims will use the ID Ransomware service to identify the ransomware that encrypted their devices.
Despite the fact that this ransomware has also been used to encrypt Synology NAS systems from August 2021, only QNAP NAS machines have been proven infected at this time.
The attack vector employed in this current ech0raix campaign is unknown until QNAP provides additional information.

Although QNAP has not yet issued a warning regarding these attacks, the business has previously recommended clients to protect their data from potential eCh0raix attacks by:
In this security advisory, QNAP gives extensive step-by-step instructions for changing the NAS password, enabling IP Access Protection, and changing the system port number.
The Taiwanese hardware manufacturer also advised consumers to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent Internet-based attacks on their NAS devices.
Follow these steps to disable SSH and Telnet connections and enable IP and account access protection.
Thursday, QNAP cautioned users to defend their systems against ongoing attacks using DeadBolt ransomware payloads.
_"According to the investigation conducted by the QNAP Product Security Incident Response Team (QNAP PSIRT), the attack targeted NAS systems running QTS 4.3.6 and QTS 4.4.1, with the majority of impacted models belonging to the TS-x51 and TS-x53 series,"_ the NAS manufacturer explained. _"QNAP encourages all NAS users to check and update QTS to the most recent version immediately and to avoid exposing their NAS to the Internet."_

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation