Cybersecurity researchers have reported that threat actors who have used the eCh0raix ransomware strain over the past year to target network-attached storage (NAS) devices manufactured by QNAP and Synology have developed a new variant that can be used against either vendor's products in a single campaign, according to Threatpost.
The new variant, according to researchers from Palo Alto Networks Unit 42, exploits a critical bug designated CVE-2021-28799, which allows attackers to bypass authentication and plant a backdoor account.
“Based on our observations and accounts from victims in forums, attackers are mainly using two methods to deliver the ransomware to devices – one being brute forcing credentials, and the other is via the exploitation of known QNAP vulnerabilities targeted at internet-facing devices,” the researchers said.
Victims have come forward on forums claiming to have been forced to pay bitcoin ransoms as early as June 16, and Unit 42 researchers said nearly 250,000 QNAP and Synology NAS devices could be vulnerable.