The eCh0raix ransomware is now updated to target two vendors’ devices that are mostly used in Single Office and Home Office (SOHO) setups. Earlier, the ransomware was used to target Synology and QNAP NAS in separate campaigns.The latest campaign, a new version of malware is observed targeting both devices simultaneously.

  • It targets the flaw (CVE-2021-28799) in Hybrid Backup Sync (HBS 3) software in QNAP NAS devices.
  • The attack was leveraged hard-coded session ID to avoid authentication. Subsequently, it executed a command on the device to download malware from the remote server.
  • Moreover, the same eCh0raix version was found targeting Synology NAS devices as well. 

The new version of eCh0raix is considered a wilder threat for millions of devices due to its combined capacity to attack two vendors.

  • The researchers have stated that there are 240,000 internet-connected QNAP NAS devices. Therefore there are more than a quarter-million potential targets still exposed and vulnerable. 
  • Although there are only 3,500 Synology NAS devices, making the attack’s surface is limited for this vendor.
  • Some victims have already posted about being targeted, and they claim to have paid bitcoin valued at about $500 a ransom, as recently as June 16.

The new variant of eCh0raix ransomware is an indication that cybercriminals are actively updating their tactics. Therefore, researchers recommend updating device firmware as the first step of defense. Also, it is recommended to create complex passwords and limit connections to SOHO-connected devices.