The QNAPCrypt ransomware works similarly to other ransomware, including encrypting all files and delivering a ransom note. However, there are several important differences:
1. The ransom note was included solely as a text file, without any message on the screen—naturally, because it is a server and not an endpoint.
2. Every victim is provided with a different, unique Bitcoin wallet—this could help the attackers avoid being traced.
3. Once a victim is compromised, the malware requests a wallet address and a public RSA key from the command and control server (C&C) before file encryption.
2021-05-14 ⋅ Bleeping Computer ⋅ QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
2021-03-05 ⋅ 360 netlab ⋅ QNAP NAS users, make sure you check your system
2021-03-02 ⋅ Intezer ⋅ When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?
2020-06-16 ⋅ IBM ⋅ Cloud Threat Landscape Report 2020
2020-06-16 ⋅ Intezer ⋅ ELF Malware Analysis 101: Linux Threats No Longer an Afterthought
Cloud Snooper Dacls EvilGnome HiddenWasp MESSAGETAP NOTROBIN QNAPCrypt Winnti
2020-06-08 ⋅ QNAP
2019-09-20 ⋅ Intezer ⋅ Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
2019-07-10 ⋅ Intezer ⋅ How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
2019-07-10 ⋅ Anomali ⋅ The eCh0raix Ransomware
There is no Yara-Signature yet.