July 10, 2019

Anomali Discovers New Ransomware Targeting Consumer, Enterprise Storage Devices

Devices Frequently Store High-Value Files and Backups, Usually Don’t Have Commercial Antivirus Protection Deployed

REDWOOD CITY, Calif., July 10, 2019 (GLOBE NEWSWIRE) -- Anomali, a leader in threat intelligence, today published its latest research blog. It details a new type of ransomware identified by the Anomali Threat Research Team. Designated as “eCh0raix,” it is targeting QNAP Network Attached Storage (NAS) devices. Impacted consumer and enterprise devices appear to be compromised via brute-force credential attacks and through exploits of known vulnerabilities. The ransomware encrypts the targeted file extensions on the NAS using AES encryption and appends an “.encrypt” extension to the encrypted files. The ransom note directs victims to pay varied amounts in Bitcoin via a website accessible with a Tor browser.

Anomali threat researchers believe that the NAS device approach is significant. Such devices typically store critical files and backups, making them a lucrative target for ransomware threat actors. These types of devices usually do not have commercial antivirus products running on them, which leaves them more vulnerable to attacks.

“Ransomware has become the biggest and most costly form of cyber crime. Criminals view every device and system connected to the internet as an opportunity to extort victims,” said Joakim Kennedy, of the Anomali Threat Research Team. “We want to provide the security community with as much information as possible about all forms of threats we observe. We hope that this early warning helps organizations to take proactive steps to stop this new attack before it has a chance to cause major problems.”

Detailed findings are available in the blog: The eCh0raix Ransomware. It provides an in-depth understanding of the ransomware, the attack, and mitigation steps.

Twitter: https://twitter.com/Anomali
LinkedIn: https://www.linkedin.com/company/anomali/
Blog: https://www.anomali.com/site/blog-rss

About Anomali

Anomali® detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide. For more information, visit us at www.anomali.com.

Contact

Joe Franscella
News Media Relations
+1-209-597-6656
jfranscella@anomali.com
