The IT Security Incident Response Team posted a alert regarding an ongoing attack on Qnap NAS and Synology, bearing the eCh0raix ransomware.
This ransomware is not new, in fact it is a revised version which makes it more dangerous. The ransom in question is aimed at medium and small businesses, the self-employed and the self-employed, therefore the categories that are currently suffering the most from the pandemic.
In the past, Qnap himself had suffered an attack which carried the same ransomware.
For the critical vulnerability exploited by Qnap, Synology Brute-Force attack
For Qnap a vulnerability is exploited which concerns an incorrect implementation of the security permissions inherent in the software Hybrid backup software 3.
For Synology, a brute force attack targeted to administrator accounts, after having “pierced” the account, the ransomware is then conveyed.
Recall that Synology is already attacked by a botnet network, probably part of this attack concerns the one highlighted today.
The versions of Qnap concerned are:
- QTS 4.5.2: HBS 3 versions earlier than 16.0.0415
- QTS 4.3.6: HBS 3 versions earlier than 3.0.210412
- QTS 4.3.3 and 4.3.4: HBS 3 versions earlier than 3.0.210411
- QuTS hero h4.5.1: HBS 3 versions earlier than 16.0.0419
- QuTScloud c4.5.1 ~ c4.5.4: HBS 3 versions prior to 16.0.0419
Qnap recommends updating HBS 3 to the latest available version, as well as following other indications security related. For synology, follow the recommendations we have given in This article.