
eCh0raix Ransomware

Posted: July 23, 2019

The eCh0raix Ransomware is a file-locking Trojan that blocks media on network-attached storage devices. Since there isn't a decryptor that can counteract its attacks freely, users should depend on preventative security, such as maintaining robust login credentials and software updates, for protecting their files. Anti-malware services compatible with Linux systems, also, should remove the eCh0raix Ransomware appropriately.

QNAP in Trojans' Crosshairs, Once Again

With the introduction of the eCh0raix Ransomware into the wild, file-locker Trojans for network-attached storage products may become less of a rarity and more of a long-term trend. The eCh0raix Ransomware follows in the footsteps of the QNAPCrypt, a similar threat that, like it, takes hostage the contents of QNAP-brand NAS. Other than the preferred Linux environment and hardware choice, the eCh0raix Ransomware and the older, unrelated Trojan, are similar to typical Trojans of their category.

Digital media that the eCh0raix Ransomware can lock with encryption includes, but isn't restricted to, formats such as JPG images, Word documents, Excel spreadsheets, Adobe PDFs and Notepad text files. It adds an 'encrypt' extension to their names, which is confusingly similar to QNAPCrypt's choice of 'encrypted' and could lead a victim into using an incompatible decryption solution as a result. Users should back up any blocked content before attempting a decryption-based restoration, since an inappropriate decryption algorithm can destroy the file permanently.
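The two practical points in that paragraph, keeping 'encrypt' files apart from 'encrypted' ones and taking a verified backup before any decryptor is tried, can be scripted. The following is an added example written for this page, not a tool from the article, QNAP or any researcher it cites: it inventories a share by the two extension indicators the article names, then copies every locked file to a backup directory and re-hashes each copy. The sample share it builds in a temporary directory is constructed data, and the extension-to-family mapping is only an indicator, never proof of which family is involved.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Indicators taken from the article: eCh0raix appends 'encrypt', QNAPCrypt
# appends 'encrypted'. An extension is only an indicator, not proof of family.
FAMILY_BY_SUFFIX = {".encrypt": "eCh0raix", ".encrypted": "QNAPCrypt"}


def classify(path):
    """Return the family indicated by the file's final suffix, or None."""
    return FAMILY_BY_SUFFIX.get(Path(path).suffix.lower())


def inventory(root):
    """Walk root and group locked files by indicated family: {family: [paths]}.

    Keeping the two families apart is the point: a file ending in 'encrypt'
    should never be fed to a tool written for 'encrypted' files.
    """
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            family = classify(full)
            if family:
                found.setdefault(family, []).append(full)
    return found


def sha256_of(path):
    """Stream the file through SHA-256 so large media does not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_locked_files(root, backup_dir):
    """Copy every locked file under root into backup_dir (same relative path)
    and return a {relative_path: sha256} manifest.

    Each copy is re-hashed against its source; a mismatch raises rather than
    leaving a decryptor trial as the only remaining copy's risk.
    """
    manifest = {}
    for paths in inventory(root).values():
        for src in paths:
            rel = os.path.relpath(src, root)
            dst = os.path.join(backup_dir, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            digest = sha256_of(dst)
            if sha256_of(src) != digest:
                raise RuntimeError(f"backup of {src} failed verification")
            manifest[rel] = digest
    return manifest


def build_sample_share(root):
    """Constructed stand-in for a hit NAS share (sample bytes, not real data)."""
    samples = {
        "photos/holiday.jpg.encrypt": b"\x00\x11\x22 constructed ciphertext A",
        "docs/report.docx.encrypt": b"\x33\x44 constructed ciphertext B",
        "docs/budget.xlsx.encrypted": b"\x55\x66 constructed ciphertext C",
        "notes/todo.txt": b"untouched plaintext file",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def demo():
    """Build the sample share in a temp dir, inventory it and back it up."""
    share = tempfile.mkdtemp(prefix="nas_share_")
    backup = tempfile.mkdtemp(prefix="nas_backup_")
    build_sample_share(share)
    inv = inventory(share)
    manifest = backup_locked_files(share, backup)
    all_present = all(os.path.isfile(os.path.join(backup, rel)) for rel in manifest)
    return {"inventory": inv, "manifest": manifest, "all_present": all_present}


if __name__ == "__main__":
    result = demo()
    for family, paths in sorted(result["inventory"].items()):
        print(f"{family}: {len(paths)} file(s); keep these away from a "
              f"decryptor written for the other family")
    print(f"backed up {len(result['manifest'])} file(s), "
          f"verified={result['all_present']}")
```

Run it on a real share by calling `inventory()` and `backup_locked_files()` with the share's mount point and a destination on separate storage; the manifest of hashes is what lets you prove later that a decryptor trial changed nothing in the backup.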

Malware researchers are highlighting two systemic vulnerabilities that are leading to eCh0raix Ransomware infections and the subsequent locking of files: non-secure logins and outdated QNAP software. Poorly-chosen passwords and usernames are at risk from the brute-forcing utilities that criminals use for guessing logins, and out-of-date software can harbor flaws that let an attacker execute arbitrary code. As long as users adhere to good security practices, both of these infection avenues are defensible.
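Brute-forced logins leave a trail that an administrator can watch for. The script below is an added example for this page, not code from the article or from QNAP: it parses login events in the syslog style OpenSSH uses for `Failed password` / `Accepted password` lines (an assumed format; a QNAP device's own log layout may differ and would need its own regular expression), counts failures per source address inside a sliding time window, and flags any source that crosses a threshold, noting separately whether that source later logged in successfully. The log lines are constructed sample data using documentation-reserved addresses, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in OpenSSH syslog style (assumed format, not QNAP's).
SAMPLE_LOG = """\
Jul 23 02:14:01 nas sshd[4211]: Failed password for admin from 198.51.100.23 port 51022 ssh2
Jul 23 02:14:03 nas sshd[4213]: Failed password for admin from 198.51.100.23 port 51024 ssh2
Jul 23 02:14:06 nas sshd[4215]: Failed password for invalid user root from 198.51.100.23 port 51026 ssh2
Jul 23 02:14:09 nas sshd[4217]: Failed password for admin from 198.51.100.23 port 51028 ssh2
Jul 23 02:14:12 nas sshd[4219]: Failed password for admin from 198.51.100.23 port 51030 ssh2
Jul 23 02:14:15 nas sshd[4221]: Failed password for admin from 198.51.100.23 port 51032 ssh2
Jul 23 02:15:10 nas sshd[4225]: Accepted password for admin from 198.51.100.23 port 51040 ssh2
Jul 23 02:20:31 nas sshd[4240]: Failed password for alice from 203.0.113.7 port 60010 ssh2
Jul 23 02:21:05 nas sshd[4242]: Accepted password for alice from 203.0.113.7 port 60012 ssh2
Jul 23 03:00:00 nas sshd[4300]: Accepted publickey for backupuser from 192.0.2.10 port 40110 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text, year=2019):
    """Turn matching lines into (timestamp, ip, user, result) tuples.

    Lines that do not match the pattern are skipped; the year is assumed
    because syslog timestamps do not carry one.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append((ts, m["ip"], m["user"], m["result"]))
    return events


def find_bruteforce(events, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside any window_seconds span.

    Returns {ip: details}. 'succeeded_after' is True when the same source
    produced an Accepted event after its first failure, which is the case
    that deserves an immediate credential reset rather than just a block.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if e[3] == "Failed"]
        # Two-pointer sliding window over the sorted failure timestamps.
        peak, start = 0, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        first_fail = fails[0][0]
        succeeded_after = any(
            e[3] == "Accepted" and e[0] > first_fail for e in evs
        )
        alerts[ip] = {
            "failures": len(fails),
            "peak_in_window": peak,
            "users": sorted({e[2] for e in fails}),
            "succeeded_after": succeeded_after,
        }
    return alerts


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse(SAMPLE_LOG)).items():
        severity = "CRITICAL" if info["succeeded_after"] else "WARNING"
        print(f"{severity} {ip}: {info['failures']} failures "
              f"(peak {info['peak_in_window']} in 60s) against {info['users']}")
```

The threshold and window are the knobs to tune for a given NAS: a home device with one or two users can afford a low threshold, while a shared appliance will want the window widened and the output fed to whatever blocks or alerts on the source address.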

Avoiding a Nap While the eCh0raix Ransomware is Lurking

The Taiwan-based QNAP is aware of the current campaigns against its products, including the attacks of both QNAPCrypt and the slightly newer eCh0raix Ransomware. Besides the usual precautions that pertain to most PC and phone users, the company also recommends updating the QNAP QTS software, enabling the NAP (network access protection) feature, closing ports 8080 and 443, and disabling both the telnet and SSH features. Together with other defenses, such as a robust password, these steps should leave users relatively impenetrable to any eCh0raix Ransomware infection attempts.

An interesting quirk of the eCh0raix Ransomware's campaign is that its configuration forbids any installations in Russia, Belarus or Ukraine. This prerequisite is one of the few factors separating the eCh0raix Ransomware from QNAPCrypt and narrows the range of the threat actor's operations to a relatively small region of the world. Residents of those areas remain at risk from other classes of file-locking Trojans, however.

Use a Linux-friendly anti-malware service for removing the eCh0raix Ransomware if it's necessary, and for preventing infections that arrive through means other than an attacker's manual access.

Malware researchers don't see many cases of file-locking Trojans aiming for such specific hardware, but the eCh0raix Ransomware is the second out of what could be more to come. A backup device is as dependable as your protection for it, and, hopefully, all readers are defending theirs well.
