Devices Frequently Store High-Value Files and Backups, Usually Don’t Have Antivirus Protection Deployed
REDWOOD CITY, Calif., July 10, 2019 (GLOBE NEWSWIRE) -- Anomali, a leader in threat intelligence, today published its latest research blog. It details a new type of ransomware identified by the Anomali Threat Research Team. Designated as “eCh0raix,” it is targeting QNAP Network Attached Storage (NAS) devices. Impacted consumer and enterprise devices appear to be compromised via brute-force credential attacks and through exploits of known vulnerabilities. The ransomware encrypts the targeted file extensions on the NAS using AES encryption and appends an “.encrypt” extension to the encrypted files. The ransom note directs victims to pay varied amounts in Bitcoin via a website accessible with a Tor browser.
Anomali threat researchers believe that the NAS device approach is significant. Such devices typically store critical files and backups, making them a lucrative target for ransomware threat actors. These types of devices usually do not have antivirus products running on them, which leaves them more vulnerable to attacks.
“Ransomware has become the biggest and most costly form of cyber crime. Criminals view every device and system connected to the internet as an opportunity to extort victims,” said Joakim Kennedy, of the Anomali Threat Research Team. “We want to provide the security community with as much information as possible about all forms of threats we observe. We hope that this early warning helps organizations to take proactive steps to stop this new attack before it has a chance to cause major problems.”
Detailed findings are available in the blog: The eCh0raix Ransomware. It provides in-depth understanding of the ransomware, attack and mitigation steps.
Anomali® detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide. For more information, visit us at www.anomali.com
News Media Relations