How to protect yourself against encryption-based ransomware Ech0raix (QNAPCrypt)?
Posted: 27 Dec 2020, 20:20
The risk of malware infection remains on a constant rise with new infections rapidly spreading. Recently, it has been learned that some TerraMaster users’ TNAS devices have been attacked by ransomware Ech0raix (QNAPCrypt), causing their precious data to be encrypted and demanded for ransom. We express our regret for this and strongly condemn the attackers! This is a despicable act of harming the interests of others to obtain illegal income for oneself, this is a crime!
The ransomware Ech0raix (QNAPCrypt) was first reported in June 2020. It initially targeted QNAP's NAS devices. In 2020, more than 1,000 users were attacked in the United States alone. Now this ransomware is back and targets QNAP NAS devices agains, unfortunately targets TerraMaster TNAS devices too.
The following are research articles about Ech0raix (QNAPCrypt)
https://www.anomali.com/blog/the-ech0raix-ransomware
https://securityaffairs.co/wordpress/10 ... -qnap.html
https://howtofix.guide/ech0raix-ransomw ... -qnap-nas/
https://www.bugsfighter.com/remove-ech0 ... ypt-files/
For vulnerabilities that may be exploited, TerraMaster has released new TOS updates to reduce the possibility of being attacked. TerraMaster will continue to find all possible vulnerabilities and maintain timely TOS updates.
Is there any way to prevent a ransomware attack from happening? Well, yes and no. There are certainly some precautions you should take to minimize the chances of malware infection, but nothing can guarantee you won’t be targeted, any device exposed on the Internet with vulnerabilities or weak password is at risk of being attacked.
You need to take immediate actions to avoid threats to your important data
1. Update your computer operating system to the latest version;
2. Install good anti-virus software on your computer, TNAS device and router to help you detect and resist malicious threats;
3. Be cautious when opening email attachments or clicking on files from unknown sources. Beware of suspicious files with hidden file extensions, such as ".pdf.exe"
4. Malware usually targets computers that use RDP (Remote Desktop Protocol). Please disable RDP on your computer, and disable SSH and Telnet on your TNAS when not using remote access;
5. Set a high security level password for all users;
6. Disable the system default administrator account, re-create a new administrator account, and set an advanced password;
7. Enable the firewall and only allow trusted IP addresses and ports to access your device, and avoid using default port numbers 5443(HTTPS) and 8181(HTTP), and modify to any other port between 5001-65535.
8. Enable automatic IP block on your TOS control panel to block IP addresses with too many failed login attempts;
9. Backing up data is the best way to deal with malicious attacks; always back up data, at least one backup to another device. It is strongly recommended to adopt a 3-2-1 backup strategy;
If unfortunately you have found that your data is infected by ransomware
1. Disconnect your computer and TNAS device from the Internet immediately;
2. Before restoring data, thoroughly remove the infection in the computer system and TNAS;You need to restore your TNAS to factory settings and completely format all your hard drives;
3. Or you might try solutions here https://www.bugsfighter.com/remove-ech0 ... ypt-files/
More information about ransomware
https://enterprise.comodo.com/blog/how- ... ks-happen/
https://demotix.com/ransomware-attack/
The ransomware Ech0raix (QNAPCrypt) was first reported in June 2020. It initially targeted QNAP's NAS devices. In 2020, more than 1,000 users were attacked in the United States alone. Now this ransomware is back and targets QNAP NAS devices agains, unfortunately targets TerraMaster TNAS devices too.
The following are research articles about Ech0raix (QNAPCrypt)
https://www.anomali.com/blog/the-ech0raix-ransomware
https://securityaffairs.co/wordpress/10 ... -qnap.html
https://howtofix.guide/ech0raix-ransomw ... -qnap-nas/
https://www.bugsfighter.com/remove-ech0 ... ypt-files/
For vulnerabilities that may be exploited, TerraMaster has released new TOS updates to reduce the possibility of being attacked. TerraMaster will continue to find all possible vulnerabilities and maintain timely TOS updates.
Is there any way to prevent a ransomware attack from happening? Well, yes and no. There are certainly some precautions you should take to minimize the chances of malware infection, but nothing can guarantee you won’t be targeted, any device exposed on the Internet with vulnerabilities or weak password is at risk of being attacked.
You need to take immediate actions to avoid threats to your important data
1. Update your computer operating system to the latest version;
2. Install good anti-virus software on your computer, TNAS device and router to help you detect and resist malicious threats;
3. Be cautious when opening email attachments or clicking on files from unknown sources. Beware of suspicious files with hidden file extensions, such as ".pdf.exe"
4. Malware usually targets computers that use RDP (Remote Desktop Protocol). Please disable RDP on your computer, and disable SSH and Telnet on your TNAS when not using remote access;
5. Set a high security level password for all users;
6. Disable the system default administrator account, re-create a new administrator account, and set an advanced password;
7. Enable the firewall and only allow trusted IP addresses and ports to access your device, and avoid using default port numbers 5443(HTTPS) and 8181(HTTP), and modify to any other port between 5001-65535.
8. Enable automatic IP block on your TOS control panel to block IP addresses with too many failed login attempts;
9. Backing up data is the best way to deal with malicious attacks; always back up data, at least one backup to another device. It is strongly recommended to adopt a 3-2-1 backup strategy;
If unfortunately you have found that your data is infected by ransomware
1. Disconnect your computer and TNAS device from the Internet immediately;
2. Before restoring data, thoroughly remove the infection in the computer system and TNAS;You need to restore your TNAS to factory settings and completely format all your hard drives;
3. Or you might try solutions here https://www.bugsfighter.com/remove-ech0 ... ypt-files/
More information about ransomware
https://enterprise.comodo.com/blog/how- ... ks-happen/
https://demotix.com/ransomware-attack/