A New Ransomware Targeting Linux-based NAS Devices


It doesn’t target NAS devices located in Russia.

Linux-based (NAS) devices made by QNAP Systems are under a new ransomware attack, allowing bad actors to hold users data hostage for ransom.

According to The Hacker News, independently discovered by researchers at two separate security firms, Intezer and Anomali, the new ransomware family targets poorly protected or vulnerable QNAP NAS servers either by brute forcing weak SSH credentials or exploiting known vulnerabilities.

The ransomware implementations are named "QNAPCrypt" by Intezer and "eCh0raix" by Anomali. Written in the Go programming language, the ransomeware encrypts files with targeted extensions using AES encryption and appends an .encrypt extension to each.

For some unknown reason, the ransomware is being merciful to NAS devices located in Belarus, Ukraine, or Russia. “The ransomware terminates the file encryption process and exits without doing any harm to the files,” reported the Hacker News.


Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=