A new variant of eCh0raix ransomware has been found encrypting not only QNAP but also Synology network-attached storage (NAS) devices. To encrypt QNAP devices, the ransomware operators exploit CVE-2021-28799, a vulnerability that gives attackers access to hard-coded credentials, i.e. a backdoor account. For Synology devices, the attackers brute-force commonly used and default passwords to gain access and then encrypt the device's contents.
An older version of eCh0raix ransomware can be found here for analysis.
New eCh0raix Ransomware Variant Signatures
Family: Trojan:Linux/Multiverze
MD5: de6bd4cf60a0d8bf44d80345b7611123
SHA256: cc112184b17d65229ce20487d98a3751dceb3efbee7bf70929a35b66416ae248
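
To check a NAS share or a mounted backup for this exact sample, the two hashes above can be swept across a directory tree. The script below is an added example, not part of the original post; the function names `file_digests` and `sweep` are hypothetical, and the only indicators it uses are the MD5 and SHA256 listed above.

```python
import hashlib
import os
import stat

# Indicators copied from the signature list above.
INDICATORS = {
    "md5": {"de6bd4cf60a0d8bf44d80345b7611123"},
    "sha256": {"cc112184b17d65229ce20487d98a3751dceb3efbee7bf70929a35b66416ae248"},
}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) for a file, reading it once in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def sweep(root, indicators=INDICATORS):
    """Walk root and return (matches, unreadable) lists of file paths."""
    matches, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # Hash regular files only; skip symlinks, FIFOs and device nodes.
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue
                md5_hex, sha256_hex = file_digests(path)
            except OSError:
                unreadable.append(path)  # report it rather than silently skipping
                continue
            if md5_hex in indicators["md5"] or sha256_hex in indicators["sha256"]:
                matches.append(path)
    return matches, unreadable


if __name__ == "__main__":
    import sys
    hits, errors = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in hits:
        print("MATCH", p)
    for p in errors:
        print("UNREADABLE", p)
```

A match identifies a byte-identical copy of this sample only; an empty result does not rule out other builds of the variant, and files listed as unreadable were not checked.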