SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.qnapcrypt (Back to overview)

QNAPCrypt

aka: eCh0raix

The QNAPCrypt ransomware works similarly to other ransomware, including encrypting all files and delivering a ransom note. However, there are several important differences:

1. The ransom note was included solely as a text file, without any message on the screen—naturally, because it is a server and not an endpoint.

2. Every victim is provided with a different, unique Bitcoin wallet—this could help the attackers avoid being traced.

3. Once a victim is compromised, the malware requests a wallet address and a public RSA key from the command and control server (C&C) before file encryption.

References
2022-02-09vmwareVMWare
Exposing Malware in Linux-Based Multi-Cloud Environments
ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike
2022-01-20Trend MicroFernando Mercês, Stephen Hilt
Backing Your Backup Defending NAS Devices Against Evolving Threats
QNAPCrypt QSnatch
2021-08-10paloalto Netoworks: Unit42Haozhe Zhang, Ruchna Nigam, Zhibin Zhang
New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
QNAPCrypt
2021-05-14Bleeping ComputerSergiu Gatlan
QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
QNAPCrypt
2021-03-05360 netlabGenShen Ye, JiaYu, Yanlong Ma
QNAP NAS users, make sure you check your system
QNAPCrypt
2021-03-02IntezerJoakim Kennedy
When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?
QNAPCrypt SunCrypt
2020-06-16IntezerAviygayil Mechtinger
ELF Malware Analysis 101: Linux Threats No Longer an Afterthought
Cloud Snooper Dacls EvilGnome HiddenWasp MESSAGETAP NOTROBIN QNAPCrypt Winnti
2020-06-16IBMIBM Security X-Force® Incident Responseand Intelligence Services (IRIS)
Cloud ThreatLandscape Report 2020
QNAPCrypt RokRAT
2020-06-08QNAPQNAP
eCh0raix Ransomware
QNAPCrypt
2019-09-20IntezerIntezer
Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
QNAPCrypt
2019-07-10AnomaliThreat Research Team
The eCh0raix Ransomware
QNAPCrypt
2019-07-10IntezerIgnacio Sanmillan
How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
QNAPCrypt

There is no Yara-Signature yet.