eCh0raix Ransomware Infects QNAP Nas Devices In Ongoing Attacks
Several security reports indicate that a new ransomware strain, eCh0raix, is being used against owners of QNAP NAS devices. It appears to be deployed in worldwide campaigns using preset attack configurations and automated toolkits.




eCh0raix Ransomware Aimed Against QNAP NAS Devices Worldwide

An ongoing attack campaign targets QNAP NAS devices owned by both home and enterprise users. The malware used against them is the Linux-based eCh0raix ransomware. At the moment there is no information about the criminal group behind the campaign. However, code analysis shows a blacklist that stops the infection if the victim's device is located in Belarus, Ukraine or Russia. This is a strong indication that the campaign is targeted and that the operators may be based in one of these countries or another Russian-speaking one.


The current version of the eCh0raix ransomware is written in the Go language and infects devices through existing vulnerabilities, which lets the attackers automate the infections with penetration testing toolkits and frameworks. As soon as a device is compromised, the malware establishes a persistent connection to an attacker-controlled server. One of the threat's distinctive characteristics is support for relaying this connection through the Tor network; in the infections observed so far, however, this functionality is disabled and the malware talks to the server directly. The engine is programmed to retrieve a configuration file from the server, which directs its further actions.

What follows is file encryption driven by a built-in list of target file type extensions, in the same way desktop ransomware variants work: the list selects the data to which a strong cipher is applied. Before encryption starts, the malware stops any running web servers so that the process can complete without interference. The result is inaccessible data and a ransom message that extorts the victims for a payment to the attackers; in the analyzed infections this message is written to a file called README_FOR_DECRYPT.txt.

The built-in list found within the captured samples includes the following file type extensions:

.dat, .db0, .dba, .dbf, .dbm, .dbx, .dcr, .der, .dll, .dml, .dmp, .dng, .doc, .dot, .dwg, .dwk, .dwt, .dxf, .dxg, .ece, .eml, .epk, .eps, .erf, .esm, .ewp, .far, .fdb, .fit, .flv, .fmp, .fos, .fpk, .fsh, .fwp, .gdb, .gho, .gif, .gne, .gpg, .gsp, .gxk, .hdm, .hkx, .htc, .htm, .htx, .hxs, .idc, .idx, .ifx, .iqy, .iso, .itl, .itm, .iwd, .iwi, .jcz, .jpe, .jpg, .jsp, .jss, .jst, .jvs, .jws, .kdb, .kdc, .key, .kit, .ksd, .lbc, .lbf, .lrf, .ltx, .lvl, .lzh, .m3u, .m4a, .map, .max, .mdb, .mdf, .mef, .mht, .mjs, .mlx, .mov, .moz, .mp3, .mpd, .mpp, .mvc, .mvr, .myo, .nba, .nbf, .ncf, .ngc, .nod, .nrw, .nsf, .ntl, .nv2, .nxg, .nzb, .oam, .odb, .odc, .odm, .odp, .ods, .odt, .ofx, .olp, .orf, .oth, .p12, .p7b, .p7c, .pac, .pak, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .pgp, .php, .png, .pot, .ppj, .pps, .ppt, .prf, .pro, .psd, .psk, .psp, .pst, .psw, .ptw, .ptx, .pub, .qba, .qbb, .qbo, .qbw, .qbx, .qdf, .qfx

Once the file processing module has completed, the user is left with encrypted files.
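The two behaviours described above, the ransom note dropped as README_FOR_DECRYPT.txt and the encryption of files selected by extension, give a responder something concrete to sweep a NAS share for. The Go program below is an added triage example written for this article; it is not code from the malware samples, from QNAP or from the article's author. It walks a directory tree, records every ransom note, and flags files carrying a targeted extension whose sampled content has near-maximal byte entropy, which is what ciphertext from a strong cipher looks like. The extension set is the list reproduced above; the entropy threshold, minimum file size, sample size and the small magic-byte table are assumptions chosen for illustration. Go was picked because it compiles to a static binary that can be copied onto the NAS itself.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"io/fs"
	"math"
	"os"
	"path/filepath"
	"strings"
)

// RansomNote is the file name of the ransom message found in the analysed infections.
const RansomNote = "README_FOR_DECRYPT.txt"

// Tunables chosen for illustration (assumptions, not values taken from the samples):
// files below minSizeBytes are skipped because byte entropy is unreliable on short
// inputs, and at most sampleBytes are read from each file.
const (
	minSizeBytes = 1024
	sampleBytes  = 64 * 1024
)

// rawExtList is the extension list captured from the samples, as reproduced in the article.
const rawExtList = `
.dat.db0.dba.dbf.dbm.dbx.dcr.der.dll.dml.dmp.dng.doc.dot.dwg.dwk.dwt.dxf.dxg.ece.eml.epk.eps.erf.esm.ewp
.far.fdb.fit.flv.fmp.fos.fpk.fsh.fwp.gdb.gho.gif.gne.gpg.gsp.gxk.hdm.hkx.htc.htm.htx.hxs.idc.idx.ifx.iqy
.iso.itl.itm.iwd.iwi.jcz.jpe.jpg.jsp.jss.jst.jvs.jws.kdb.kdc.key.kit.ksd.lbc.lbf.lrf.ltx.lvl.lzh.m3u.m4a
.map.max.mdb.mdf.mef.mht.mjs.mlx.mov.moz.mp3.mpd.mpp.mvc.mvr.myo.nba.nbf.ncf.ngc.nod.nrw.nsf.ntl.nv2.nxg
.nzb.oam.odb.odc.odm.odp.ods.odt.ofx.olp.orf.oth.p12.p7b.p7c.pac.pak.pdb.pdd.pdf.pef.pem.pfx.pgp.php.png
.pot.ppj.pps.ppt.prf.pro.psd.psk.psp.pst.psw.ptw.ptx.pub.qba.qbb.qbo.qbw.qbx.qdf.qfx`

// targetExts is rawExtList turned into a lookup set of lower-case extensions.
var targetExts = func() map[string]bool {
	set := make(map[string]bool)
	for _, e := range strings.FieldsFunc(rawExtList, func(r rune) bool {
		return r == '.' || r == '\n' || r == ' ' || r == '\t'
	}) {
		set["."+e] = true
	}
	return set
}()

// knownMagic covers targeted formats that are high-entropy by nature (assumed table).
// If the header is still intact the file has not been overwritten with ciphertext.
var knownMagic = map[string][]byte{
	".jpg": {0xFF, 0xD8, 0xFF},
	".jpe": {0xFF, 0xD8, 0xFF},
	".png": {0x89, 'P', 'N', 'G'},
	".gif": []byte("GIF8"),
	".pdf": []byte("%PDF"),
}

// IsTargetExt reports whether the file name carries an extension from the list.
func IsTargetExt(name string) bool {
	return targetExts[strings.ToLower(filepath.Ext(name))]
}

// shannonEntropy returns the byte entropy of data in bits per byte (0 to 8).
// Ciphertext and compressed data sit close to 8; plain documents sit far lower.
func shannonEntropy(data []byte) float64 {
	if len(data) == 0 {
		return 0
	}
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	n, h := float64(len(data)), 0.0
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// Report is the outcome of a sweep over one directory tree.
type Report struct {
	Scanned    int      // targeted files large enough to be examined
	Notes      []string // ransom notes found
	Suspicious []string // targeted files whose content looks like ciphertext
}

// Triage walks root, collects ransom notes and flags targeted files whose sampled
// content has entropy at or above threshold (bits per byte).
func Triage(root string, threshold float64) (Report, error) {
	var rep Report
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			if d == nil {
				return walkErr // the root itself is unreadable: abort
			}
			return nil // other unreadable entries are skipped, not fatal
		}
		if d.IsDir() {
			return nil
		}
		if d.Name() == RansomNote {
			rep.Notes = append(rep.Notes, path)
			return nil
		}
		if !IsTargetExt(d.Name()) {
			return nil
		}
		info, err := d.Info()
		if err != nil || info.Size() < minSizeBytes {
			return nil
		}
		rep.Scanned++
		f, err := os.Open(path)
		if err != nil {
			return nil
		}
		buf, err := io.ReadAll(io.LimitReader(f, sampleBytes))
		f.Close()
		if err != nil {
			return nil
		}
		if magic, ok := knownMagic[strings.ToLower(filepath.Ext(path))]; ok && bytes.HasPrefix(buf, magic) {
			return nil // header intact: natively high-entropy format, not encrypted
		}
		if shannonEntropy(buf) >= threshold {
			rep.Suspicious = append(rep.Suspicious, path)
		}
		return nil
	})
	return rep, err
}

func main() {
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	rep, err := Triage(root, 7.5)
	if err != nil {
		fmt.Fprintln(os.Stderr, "sweep failed:", err)
		os.Exit(1)
	}
	fmt.Printf("scanned %d targeted files: %d ransom notes, %d suspicious files\n",
		rep.Scanned, len(rep.Notes), len(rep.Suspicious))
	for _, p := range append(rep.Notes, rep.Suspicious...) {
		fmt.Println(p)
	}
}
```

Run it as `./triage /share/CACHEDEV1_DATA` (or whatever the share mount point is) after taking the device off the network. The ransom note is the stronger indicator; the entropy heuristic is there to estimate how much of the share was touched. Because the extension list includes formats that are already compressed or encrypted (.jpg, .png, .mp3, .gpg, .p12, .iso, .lzh, .flv, .mov and others), those will read as high entropy even when untouched, which is why the intact-header check exempts the common ones and why files below the minimum size are not judged at all.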

Martin Beltov

Martin has a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and intrusion mechanisms.
