eCh0raix Ransomware Infects QNAP Nas Devices In Ongoing Attacks
CYBER NOUVELLES

eCh0raix Ransomware Infects QNAP Nas Devices In Ongoing Attacks

1 Star2 Stars3 Stars4 Stars5 Stars (Pas encore d'évaluation)
Loading ...


Several security reports indicate that a new dangerous virus called the eCh0raix ransomware is being used against QNAP Nas device owners. It appears that it is being sent in a worldwide campaigns using preset hacking configuration options and automated toolkits.




eCh0raix Ransomware Aimed Against QNAP NAS Devices Worldwide

An ongoing attack campaign is set onto QNAP NAS devices owned by both end users and enterprise users. The malware which is currently used against them is the Linux-based eCh0raix ransomware. At the moment there is no information regarding the criminal group behind the campaign. However during the code analysis it appears that there is an liste noire which will stop the infection if the victim’s device is located in these countries: Belarus, Ukraine or Russia. This means that it is very likely that the campaign is targeted and that the hackers may originate from one of these countries or another Russian-speaking one.

en relation: CVE-2019-7406 Wi-Fi TP-Link Extenders peut être exploitée sans authentification

The current version of the eCh0raix Ransomware is written in the Go Language et infects the devices via existing vulnerabilities. This allows the hackers to automate the infections using penetration testing toolkits and frameworks. As soon as the infection is made the virus will establish a secure and persistent connection to a hacker-controlled server. One of the distinct characteristics of the threat is that it will relay the connection through the Réseau Tor. However the active infections have disabled this functionality at the moment choosing to directly communicate with the hackers. The virus engine has been programmed to retrieve a configuration file which will direct it further.

What will follow is le cryptage des fichiers based on a built-in list of target file type extensions. This is done in a way which is very similar to the desktop ransomware variants — a list of target data is used to direct a strong cipher. The result will be inaccessible sensitive data, a ransomware message will be shown to the victims which will extort them for a payment to the hackers. In the case of the analyzed infections this message is created in a file called README_FOR_DECRYPT.txt. Before the file encryption is started it will disable any running web servers so that the process can complete without problems.

The built-in list found within the captured samples includes the following file type extensions:

.dat.db0.dba.dbf.dbm.dbx.dcr.der.dll.dml.dmp.dng.doc.dot.dwg.dwk.dwt.dxf.dxg.ece.eml.epk.eps.erf.esm.ewp.far.fdb.fit.flv.fmp.fos.fpk.fsh.fwp.gdb.gho.gif.gne.gpg.gsp.gxk.hdm.hkx.htc.htm.htx.hxs.idc.idx.ifx.iqy.iso.itl.itm.iwd.iwi.jcz.jpe.jpg.jsp.jss.jst.jvs.jws.kdb.kdc.key.kit.ksd.lbc.lbf.lrf.ltx.lvl.lzh.m3u.m4a.map.max.mdb.mdf.mef.mht.mjs.mlx.mov.moz.mp3.mpd.mpp.mvc.mvr.myo.nba.nbf.ncf.ngc.nod.nrw.nsf.ntl.nv2.nxg.nzb.oam.odb.odc.odm.odp.ods.odt.ofx.olp.orf.oth.p12.p7b.p7c.pac.pak.pdb.pdd.pdf.pef.pem.pfx.pgp.php.png.pot.ppj.pps.ppt.prf.pro.psd.psk.psp.pst.psw.ptw.ptx.pub.qba.qbb.qbo.qbw.qbx.qdf.qfx

As soon as the file processing module has completed the users will be left with encrypted files.

avatar

Martin Beltov

Martin a obtenu un diplôme en édition de l'Université de Sofia. En tant que passionné de cyber-sécurité, il aime écrire sur les menaces les plus récentes et les mécanismes d'intrusion.

Plus de messages - Site Internet

Suivez-moi:
GazouillementGoogle Plus

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont marqués *

Délai est épuisé. S'il vous plaît recharger CAPTCHA.

Partager sur Facebook Partager
Loading ...
Partager sur Twitter Tweet
Loading ...
Partager sur Google Plus Partager
Loading ...
Partager sur Linkedin Partager
Loading ...
Partager sur Digg Partager
Partager sur Reddit Partager
Loading ...
Partager sur Stumbleupon Partager
Loading ...