Anomali reported on their observation of the eCh0raix ransomware targeting Synology NAS (Network Attached Storage) devices.
Once the hacker has gained access to the NAS device, either through brute-force, default credentials, or dictionary attacks, the data on the device’s drives can be encrypted.
After encryption, a “.encrypt” extension is added to the file’s name. An Onion URL and a Bitcoin wallet are provided for payment, along with instructions on how to obtain the decryptor. There is also a “live chat” functionality in case the victim has issues and needs help.
Examination of the malware found that it is the same malware that was targeting QNAP devices the month before.
Restrict external access to the NAS devices, or limit access so that it is only possible via VPN. Ensure all NAS devices are up to date with security patches and that strong credentials are employed.
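For scoping an affected device, the “.encrypt” extension described above can be used to measure how far encryption got in each shared folder and roughly when it ran. The following is an added example, not code from the Anomali report; the share names, file names and timestamps in `build_sample` are constructed, and treating file modification times as a bound on encryption time is an assumption.

```python
import os, sys, tempfile
from datetime import datetime, timezone

MARKER = ".encrypt"  # extension the page says is appended after encryption

def triage(root):
    """Per top-level folder under root: file count, count ending in MARKER,
    and the mtime window of the marked files (rough bound on encryption time)."""
    stats = {}
    root = os.path.abspath(root)
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        rel = os.path.relpath(dirpath, root)
        share = "." if rel == "." else rel.split(os.sep)[0]
        s = stats.setdefault(share, {"total": 0, "marked": 0, "first": None, "last": None})
        for name in files:
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # vanished or unreadable: skip, keep scanning
            s["total"] += 1
            if name.lower().endswith(MARKER):
                s["marked"] += 1
                s["first"] = mtime if s["first"] is None else min(s["first"], mtime)
                s["last"] = mtime if s["last"] is None else max(s["last"], mtime)
    return stats

def report(stats):
    """One line per affected folder, highest marked fraction first."""
    ts = lambda t: datetime.fromtimestamp(t, timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")
    hit = [(k, s) for k, s in stats.items() if s["marked"]]
    hit.sort(key=lambda kv: kv[1]["marked"] / kv[1]["total"], reverse=True)
    return [f"{k}: {s['marked']}/{s['total']} files end in {MARKER}, "
            f"written {ts(s['first'])} .. {ts(s['last'])}" for k, s in hit]

def build_sample(root):
    """Constructed sample tree (hypothetical share and file names)."""
    layout = {"photo": ["a.jpg.encrypt", "b.jpg.encrypt"],
              "docs": ["plan.docx.encrypt", "notes.txt"],
              "backup": ["img.tar"]}
    for i, (share, names) in enumerate(layout.items()):
        os.makedirs(os.path.join(root, share))
        for j, name in enumerate(names):
            path = os.path.join(root, share, name)
            open(path, "w").close()
            os.utime(path, (1563000000 + 60 * (i * 2 + j),) * 2)  # constructed mtimes

if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan a real path, e.g. a mounted volume
        print("\n".join(report(triage(sys.argv[1]))))
    else:  # no argument: run on the constructed sample tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            print("\n".join(report(triage(tmp))))
```

Folders with no marked files are omitted from the report, which makes it quick to see which shares still need to be isolated or restored from backup.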
Full report can be found here
Indicators of Compromise
Domain / IP