Ransomware infects NAS systems from both QNAP and Synology

Researchers warn of ransomware that can infect both QNAP and Synology NAS systems. It is the eCh0raix ransomware. Previous versions of this ransomware were used separately against either QNAP or Synology NAS systems. The now discovered variant can attack devices from both manufacturers.

In the case of QNAP systems, the ransomware uses a vulnerability in Hybrid Backup Sync (HBS 3) to do this. HBS 3 is a backup and restore solution. It supports a variety of local, remote server and cloud storage services. On April 22, QNAP issued a warning stating that security updates had been rolled out to fix the issue. In May, the vulnerability was then exploited by the Qlocker ransomware.

Now the developers of the eCh0raix ransomware have also added this vulnerability to their arsenal, security company Palo Alto Networks reports . In the case of the Synology NAS systems, no attack vector is mentioned, but last week Synology itself issued a warning that NAS systems were the target of brute-force attacks that attempted commonly used administrator passwords.

Based on its own research, the security company states that about 240,000 NAS systems from QNAP can be accessed from the Internet and about 3,500 from Synology. In case of a successful attack, files on the NAS system will be encrypted and victims will have to pay a ransom for decryption.

Previous Post Next Post