eCh0raix Ransomware Infects QNAP Nas Devices In Ongoing Attacks
CYBER NOTICIAS

eCh0raix Ransomware Infects QNAP Nas Devices In Ongoing Attacks

1 Star2 Stars3 Stars4 Stars5 Stars (Sin clasificación todavía)
Cargando ...


Several security reports indicate that a new dangerous virus called the eCh0raix ransomware is being used against QNAP Nas device owners. It appears that it is being sent in a worldwide campaigns using preset hacking configuration options and automated toolkits.




eCh0raix Ransomware Aimed Against QNAP NAS Devices Worldwide

An ongoing attack campaign is set onto QNAP NAS devices owned by both end users and enterprise users. The malware which is currently used against them is the Linux-based eCh0raix ransomware. At the moment there is no information regarding the criminal group behind the campaign. However during the code analysis it appears that there is an lista negra which will stop the infection if the victim’s device is located in these countries: Belarús, Ukraine or Russia. This means that it is very likely that the campaign is targeted and that the hackers may originate from one of these countries or another Russian-speaking one.

Relacionado: CVE-2019-7406 en el TP-Link Wi-Fi extensores pueden ser explotados sin autenticación

The current version of the eCh0raix Ransomware is written in the Go Language y infects the devices via existing vulnerabilities. This allows the hackers to automate the infections using penetration testing toolkits and frameworks. As soon as the infection is made the virus will establish a secure and persistent connection to a hacker-controlled server. One of the distinct characteristics of the threat is that it will relay the connection through the Tor Red. However the active infections have disabled this functionality at the moment choosing to directly communicate with the hackers. The virus engine has been programmed to retrieve a configuration file which will direct it further.

What will follow is cifrado de archivos based on a built-in list of target file type extensions. This is done in a way which is very similar to the desktop ransomware variants — a list of target data is used to direct a strong cipher. The result will be inaccessible sensitive data, a ransomware message will be shown to the victims which will extort them for a payment to the hackers. In the case of the analyzed infections this message is created in a file called README_FOR_DECRYPT.txt. Before the file encryption is started it will disable any running web servers so that the process can complete without problems.

The built-in list found within the captured samples includes the following file type extensions:

.dat.db0.dba.dbf.dbm.dbx.dcr.der.dll.dml.dmp.dng.doc.dot.dwg.dwk.dwt.dxf.dxg.ece.eml.epk.eps.erf.esm.ewp.far.fdb.fit.flv.fmp.fos.fpk.fsh.fwp.gdb.gho.gif.gne.gpg.gsp.gxk.hdm.hkx.htc.htm.htx.hxs.idc.idx.ifx.iqy.iso.itl.itm.iwd.iwi.jcz.jpe.jpg.jsp.jss.jst.jvs.jws.kdb.kdc.key.kit.ksd.lbc.lbf.lrf.ltx.lvl.lzh.m3u.m4a.map.max.mdb.mdf.mef.mht.mjs.mlx.mov.moz.mp3.mpd.mpp.mvc.mvr.myo.nba.nbf.ncf.ngc.nod.nrw.nsf.ntl.nv2.nxg.nzb.oam.odb.odc.odm.odp.ods.odt.ofx.olp.orf.oth.p12.p7b.p7c.pac.pak.pdb.pdd.pdf.pef.pem.pfx.pgp.php.png.pot.ppj.pps.ppt.prf.pro.psd.psk.psp.pst.psw.ptw.ptx.pub.qba.qbb.qbo.qbw.qbx.qdf.qfx

As soon as the file processing module has completed the users will be left with encrypted files.

avatar

Martin Beltov

Martin se graduó con un título en Edición de la Universidad de Sofía. Como un entusiasta de la seguridad cibernética que le gusta escribir sobre las últimas amenazas y mecanismos de intrusión.

Más Mensajes - Sitio web

Sígueme:
Gorjeogoogle Plus

Dejar un comentario

Su dirección de correo electrónico no será publicada. Los campos necesarios están marcados *

Se agotó el tiempo límite. Vuelve a cargar de CAPTCHA.

Compartir en Facebook Compartir
Cargando ...
Compartir en Twitter Pío
Cargando ...
Compartir en Google Plus Compartir
Cargando ...
Compartir en Linkedin Compartir
Cargando ...
Compartir en Digg Compartir
Compartir en Reddit Compartir
Cargando ...
Compartir en Stumbleupon Compartir
Cargando ...