eCh0raix ransomware targeting network attached storage devices

Researchers at Anomali have discovered a new ransomware targeting QNAP network attached storage (NAS) devices.

The ransomware dubbed eCh0raix, targets NAS devices produced by the Taiwanese firm QNAP systems. 

eCh0raix compromises consumer and enterprise devices by brute-force credential attacks and exploiting known vulnerabilities. 

“The malicious payload encrypts the targeted file extensions on the NAS using AES encryption and appends .encrypt extension to the encrypted files.”

The malware will check to see if files are already encrypted. Upon execution the malware will notify Command and Control (C2) that the encryption process has begun. The malware than “retrieves the RSA public key and the ‘readme’ text content from the C2 server”. An AES-256 encryption key is created to lock the files with a .encrypt extension. 

The ransom note displayed to users inform them that their data has been locked and directs them to a Tor website to make a ransom payment in order to unlock their data. Additionally the note warns users to not tamper with the file. 

Researchers at Anomali noted how NAS devices usually do not have antivirus products running on them, leaving them more vulnerable to attacks, hence making them an attractive target for ransomware threat actors. 

It has been recommended to restrict external access to the QNAP NAS device, and ensure that it is up to date with security patches and that strong credentials are employed. r

“Ransomware has become the biggest and most costly form of cyber crime. Criminals view every device and system connected to the internet as an opportunity to extort victims,” said Joakim Kennedy, of the Anomali Threat Research Team. “We want to provide the security community with as much information as possible about all forms of threats we observe. We hope that this early warning helps organizations to take proactive steps to stop this new attack before it has a chance to cause major problems.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.