A New Ransomware Targeting Linux-based NAS Devices

By

It doesn’t target NAS devices located in Russia.

Linux-based (NAS) devices made by QNAP Systems are under a new ransomware attack, allowing bad actors to hold users data hostage for ransom.

According to The Hacker News, independently discovered by researchers at two separate security firms, Intezer and Anomali, the new ransomware family targets poorly protected or vulnerable QNAP NAS servers either by brute forcing weak SSH credentials or exploiting known vulnerabilities.

The ransomware implementations are named "QNAPCrypt" by Intezer and "eCh0raix" by Anomali. Written in the Go programming language, the ransomeware encrypts files with targeted extensions using AES encryption and appends an .encrypt extension to each.

For some unknown reason, the ransomware is being merciful to NAS devices located in Belarus, Ukraine, or Russia. “The ransomware terminates the file encryption process and exits without doing any harm to the files,” reported the Hacker News.

07/16/2019

Related content

comments powered by Disqus