eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Quote: Operators of the nearly-year-old eCh0raix ransomware strain that’s been used to target QNAP and Synology network-attached storage (NAS) devices in past, separate campaigns have gotten more efficient. According to researchers, both have put out a new variant that can target either vendor’s devices in a single campaign.
 
In a report published Tuesday, Palo Alto Networks Unit 42 researchers said the new variant of eCh0raix exploits a critical bug, CVE-2021-28799 – an improper authorization vulnerability that gives attackers access to hard-coded credentials so as to plant a backdoor account – in the Hybrid Backup Sync (HBS 3) software on QNAP’s NAS devices.
 
HBS is used for backup, restoration and synchronization between local, remote and cloud storage spaces. On April 21, users of devices marketed by the Taiwanese vendor – Quality Network Appliance Provider (QNAP) – began to report attacks that, it turned out, abused this same flaw. Hundreds of users were extorted, as BleepingComputer reported at the time.
 
On June 21, Unit 42 spotted an attack targeting QNAP HBS3 with an exploit of CVE-2021-28799. It’s not the first time this bug was exploited to deliver Qlocker, researchers said, but it’s the first time it’s been pried open to deliver eCh0raix, aka QNAPCrypt ransomware: an unusual Linux ransomware that was used to target QNAP NAS servers in 2019.
 
Researchers shared an image of the payload – shown below – which was still live at the time the report was published on Tuesday. “The attack tried to utilize a hard-coded session ID ‘jisoosocoolhbsmgnt’ to bypass authentication and execute a command on the device, aiming to fetch malware from the remote server 64[.]42[.]152[.]46 and run it on the victim device,” Unit 42 said.

Read more: eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices