Friday, January 15, 21:30

eCh0raix ransomware: Targets Linux file storage servers

Security researchers have identified a new ransomware called eCh0raix, which targets Linux-based QNAP Network Attached Storage (NAS) devices. The ransomware is designed to infect these devices and encrypt victims' files using AES encryption.

The malware is written in the Go programming language and has only 400 lines of code. It has a very low detection rate and targets only Linux-based QNAP NAS servers.

QNAP is a Taiwanese company known for selling NAS servers that are mainly used for multimedia storage and playback. More generally, NAS servers are used to store large amounts of data and files.

The ransomware, named "QNAPCrypt" by Intezer and "eCh0raix" by Anomali, has basic ransomware functionality but differs from typical ransomware in several ways.

Once the malware is running, it communicates with the command and control (C&C) server to begin the encryption process. Prior to encryption, it requests specific information from the C&C server, such as the address of the wallet where victims' ransom payments will be deposited, and a public RSA key.

Communication with the C&C server goes over the Tor network through a SOCKS5 proxy. The data sent from the server is encoded as JSON. The ransomware encrypts files using an AES-256 key and adds the .ccrypt extension to the encrypted files.

Before the encryption process starts, the following services are terminated on infected NAS servers:

apache2
httpd
mysqld
MySQL
PHP-fpm
php5-fpm
PostgreSQL
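
Defenders can treat that burst of service stops as a detection signal. The following is an added example, not code from the article or from the researchers it cites: the log format, the `svc-monitor` tag, the host names, the window and the threshold are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Service names as listed in the article, compared case-insensitively.
WATCHED = {"apache2", "httpd", "mysqld", "mysql", "php-fpm", "php5-fpm", "postgresql"}

# Constructed sample in an assumed "<ISO time> <host> svc-monitor: stopped <service>" format.
SAMPLE_LOG = """\
2021-01-15T03:10:02 nas01 svc-monitor: stopped apache2
2021-01-15T03:10:02 nas01 svc-monitor: stopped httpd
2021-01-15T03:10:03 nas01 svc-monitor: stopped mysqld
2021-01-15T03:10:03 nas01 svc-monitor: stopped php-fpm
2021-01-15T03:10:04 nas01 svc-monitor: stopped PostgreSQL
2021-01-15T09:00:00 nas02 svc-monitor: stopped mysqld
2021-01-15T10:30:00 nas02 svc-monitor: stopped apache2
2021-01-15T10:30:05 nas02 svc-monitor: started apache2
"""

def parse(line):
    """Return (time, host, service) for a stop event, or None for anything else."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "svc-monitor:" or parts[3] != "stopped":
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[4].lower()

def detect_bursts(log_text, window=timedelta(seconds=60), threshold=4):
    """Map host -> sorted services for hosts where at least `threshold`
    distinct watched services stopped within `window` of each other."""
    events = sorted(e for e in map(parse, log_text.splitlines()) if e and e[2] in WATCHED)
    recent, alerts = {}, {}
    for ts, host, svc in events:
        # Keep only this host's stops that still fall inside the sliding window.
        kept = [(t, s) for t, s in recent.get(host, []) if ts - t <= window]
        kept.append((ts, svc))
        recent[host] = kept
        distinct = {s for _, s in kept}
        if len(distinct) >= threshold:
            alerts.setdefault(host, set()).update(distinct)
    return {host: sorted(svcs) for host, svcs in alerts.items()}

if __name__ == "__main__":
    for host, svcs in detect_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}: {len(svcs)} watched services stopped together: {', '.join(svcs)}")
```

A single routine restart, such as the `nas02` lines in the sample, stays below the threshold and raises no alert.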

 

eCh0raix encrypts files with the following extensions:

.dat .db0 .dba .dbf .dbm .dbx .dcr .der .dll .dml .dmp .dng .doc .dot .dwg .dwk .dwt .dxf .dxg .ece .eml .epk .eps .erf .esm .ewp .far .fdb .fit .flv .fmp .fos .fpk .fsh .fwp .gdb .gho .gif .gne .gpg .gsp .gxk .hdm .hkx .htc .htm .htx .hxs .idc .idx .ifx .iqy .iso .itl .itm .iwd .iwi .jcz .jpe .jpg .jsp .jss .jst .jvs .jws .kdb .kdc .key .kit .ksd .lbc .lbf .lrf .ltx .lvl .fr .nsf .ntl .nv3 .nxg .nzb .oam .odb .odc .odc .odm .odp .ods .odt .ofx .olp .orf .oth .p4 .p3b .p2c .pac .pak .pdb .pdd .pdf .pef pdf .qfx

Ways to protect against eCh0raix ransomware

What should administrators of NAS devices do to protect their systems effectively? Security researchers recommend that admins restrict external access to QNAP NAS devices, use strong passwords, and keep their devices up to date with the latest security updates.

Nat BotPak