QNAPCrypt (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

elf.qnapcrypt (Back to overview)

QNAPCrypt

aka: eCh0raix

The QNAPCrypt ransomware works similarly to other ransomware, including encrypting all files and delivering a ransom note. However, there are several important differences:

1. The ransom note was included solely as a text file, without any message on the screen—naturally, because it is a server and not an endpoint.

2. Every victim is provided with a different, unique Bitcoin wallet—this could help the attackers avoid being traced.

3. Once a victim is compromised, the malware requests a wallet address and a public RSA key from the command and control server (C&C) before file encryption.

References

2022-02-09 ⋅ vmware ⋅ VMWare
Exposing Malware in Linux-Based Multi-Cloud Environments
ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike

2022-01-20 ⋅ Trend Micro ⋅ Stephen Hilt, Fernando Mercês
Backing Your Backup Defending NAS Devices Against Evolving Threats
QNAPCrypt QSnatch

2021-08-10 ⋅ paloalto Netoworks: Unit42 ⋅ Ruchna Nigam, Haozhe Zhang, Zhibin Zhang
New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
QNAPCrypt

2021-05-14 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
QNAPCrypt

2021-03-05 ⋅ 360 netlab ⋅ Yanlong Ma, JiaYu, GenShen Ye
QNAP NAS users, make sure you check your system
QNAPCrypt

2021-03-02 ⋅ Intezer ⋅ Joakim Kennedy
When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?
QNAPCrypt SunCrypt

2020-06-16 ⋅ IBM ⋅ IBM Security X-Force® Incident Responseand Intelligence Services (IRIS)
Cloud ThreatLandscape Report 2020
QNAPCrypt RokRAT

2020-06-16 ⋅ Intezer ⋅ Aviygayil Mechtinger
ELF Malware Analysis 101: Linux Threats No Longer an Afterthought
Cloud Snooper Dacls EvilGnome HiddenWasp MESSAGETAP NOTROBIN QNAPCrypt Winnti

2020-06-08 ⋅ QNAP ⋅ QNAP
eCh0raix Ransomware
QNAPCrypt

2019-09-20 ⋅ Intezer ⋅ Intezer
Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
QNAPCrypt

2019-07-10 ⋅ Anomali ⋅ Threat Research Team
The eCh0raix Ransomware
QNAPCrypt

2019-07-10 ⋅ Intezer ⋅ Ignacio Sanmillan
How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
QNAPCrypt

There is no Yara-Signature yet.

QNAPCrypt Propose Change

References

QNAPCrypt