Security Architecture, Cloud Security, Cloud Security, Network Security, Ransomware

QNAP and Synology NAS devices at risk from new ransomware variant

Share

Cybersecurity researchers have reported that threat actors that have been using the eCh0raix ransomware strain to target network-attached storage devices manufactured by QNAP and Synology in the past year have developed a new variant that can be used on either vendor product in one campaign, according to Threatpost. The new variant, according to researchers from Palo Alto Network Unit 42, exploits a critical bug designated CVE-2021-28799, which is designed to allow attackers to bypass authentication and plant a backdoor account. “Based on our observations and accounts from victims in forums, attackers are mainly using two methods to deliver the ransomware to devices – one being brute forcing credentials, and the other is via the exploitation of known QNAP vulnerabilities targeted at internet-facing devices,” the researchers said. Victims have come forward on forums claiming to have been forced to pay bitcoin ransoms as early as June 16, and Unit 42 researchers said nearly 250,000 QNAP and Synology NAS devices could be vulnerable.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.