Another day, another cyberattack against QNAP network attached storage (NAS) devices. This time, QNAP users are being targeted by ech0raix, a well-known ransomware operator that has been targeting vulnerable QNAP devices for years.

Users began reporting ransomware attacks on June 8, and since then the number of ransomware ID submissions has been rapidly accumulating. So far, "a few dozen" samples have been submitted, but the real number of successful attacks is probably much higher, since some victims will not use the ID Ransomware service to detect the strain that attacked them, the publication notes.

QNAP is silent on the issue so far, so it is unclear exactly how the attack was staged and whether malware was used or not.

defend the scene

To defend vulnerable endpoints from attack, users can turn to advice the company provided during one of the previous attacks: creating a stronger password for administrator accounts, enabling IP Access Protection to defend against brute-force attacks, and avoiding the default port numbers (443, 8080).

You can find a detailed guide on how to configure all these things in the QNAP security advisory.

The company also warned users to disable Universal Plug and Play (UPnP) port forwarding on their routers, so as not to expose their devices to the Internet. Disabling SSH and Telnet connections and enabling IP and account access protection should also help.
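A quick way to check your own NAS against the advice above, as an added example that is not from QNAP or the original article: it tests whether the default web ports named above (443, 8080) and the standard SSH and Telnet ports (22, 23) accept TCP connections. The function names and the port-to-advice mapping are assumptions made for this sketch.

```python
import socket
import sys

# 443 and 8080 are the default ports named in the advice above;
# 22 and 23 are the standard SSH and Telnet ports.
ADVICE = {
    22: "SSH is reachable: disable it if you do not need it",
    23: "Telnet is reachable: disable it",
    443: "service on default port 443: move the web UI to another port",
    8080: "service on default port 8080: move the web UI to another port",
}


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, unresolvable
        return False


def audit(host, advice=ADVICE, timeout=2.0):
    """Return {port: advice} for each listed port that accepts connections."""
    return {
        port: note
        for port, note in sorted(advice.items())
        if is_open(host, port, timeout)
    }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: nas_audit.py <address of your own NAS or router>")
    findings = audit(sys.argv[1])
    for port, note in findings.items():
        print(f"{port}/tcp open - {note}")
    if not findings:
        print("none of the checked ports accepted a connection")
```

Run it against the NAS from inside your network, then against your router's public address from an outside connection; a port that is open from outside means a port forward, possibly created by UPnP, is still exposing the device.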

ech0raix is a known ransomware strain that has been targeting vulnerable QNAP devices since at least 2019. Several large-scale attacks have been reported in the media, beginning with forced entry into NAS devices exposed to the Internet.

Since then, attacks against QNAP devices have been observed twice in 2020, once in 2021 and once in early 2022.

Via: BleepingComputer
