Anomali Discovers Ransomware Targeting Consumer and Enterprise Storage Devices

Anomali, provider in threat intelligence, discovers new ransomware targeting consumer, enterprise storage devices frequently store value files and backups usually don’t have antivirus protection deployed, and published the analysis in its research blog.

It details a new type of ransomware identified by the Anomali Threat Research Team. Designated as ‘eCh0raix,’ it is targeting Qnap Systems, Inc.‘s NAS. Impacted consumer and enterprise devices appear to be compromised via brute-force credential attacks and through exploits of known vulnerabilities. The ransomware encrypts the targeted file extensions on the NAS using AES encryption and appends an ‘encrypt’ extension to the encrypted files. The ransom note directs victims to pay varied amounts in Bitcoin via a website accessible wih a Tor browser.

The company threat researchers believe that the NAS device approach is significant. Such devices typically store critical files and backups, making them a lucrative target for ransomware threat actors. These types of devices usually do not have antivirus products running on them, which leaves them more vulnerable to attacks.

“Ransomware has become the biggest and most costly form of cyber crime. Criminals view every device and system connected to the internet as an opportunity to extort victims,” said Joakim Kennedy, threat research team, Anomali. “We want to provide the security community with as much information as possible about all forms of threats we observe. We hope that this early warning helps organizations to take proactive steps to stop this new attack before it has a chance to cause major problems.“

Detailed findings are available in the blog: The eCh0raix Ransomware. It provides understanding of the ransomware, attack and mitigation steps.

Read also:
Response to Ransomware Attacks: Take Actions to Secure QNAP NAS
Recommandation from Qnap