• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Technologous - Managed IT Solutions Bryan/College Station

  • Home
  • About
    • Areas We Serve
    • Our Leadership
      • Chris Dawson
      • Ian Soares
  • IT Services
    • Consulting
    • Managed IT
    • Support IT
    • Cloud IT
  • Blog
  • Request a Consultation
  • Contact
You are here: Home / Blog / New Ransomware Targets Network Attached Storage Devices

New Ransomware Targets Network Attached Storage Devices

Yet another new ransomware family has been found in the wild, discovered independently by researchers at two separate security firms, Anomail and Intezer. The new strain has been dubbed “QNPCrypt” by Intezer and eCh0raix” by Anomail and is written in the Go programming language. When it encrypts files, it changes the file extension to “.encrypt” via AES encryption.

The fact that the strain was written using Go is interesting. What makes it truly unique, though, is that it primarily targets Linux-based NAS (Network Attached Storage) devices made by a specific company. It only seems to impact devices made by Taiwan-based QNAP Systems.

Worst of all, though, is that the devices targeted by this new malware strain seldom have antivirus programs on them. Even if they did, there are only a handful of products currently capable of even detecting the strain. By the time you know it’s there, it’s already too late to matter.

The good news, though, is that the security researchers found a flaw in the code. Like most ransomware, after it encrypts your files, it demands payment in Bitcoin in exchange for un-encrypting them. The authors of the malware designed the software to connect to a command and control server prior to the encryption step in order to receive a unique Bitcoin wallet address. It relays this address information to the victim after their files are encrypted in order to facilitate payment, but there’s a catch.

The server only had a finite number of wallet addresses available, and if there are no wallet addresses, then the encryption step never occurs. The researchers created many “fake victims” and simply ran the command and control server out of unique Bitcoin wallet addresses. It’s a temporary fix, to be sure, but it buys time.

Researchers from both companies offered the same advice in terms of minimizing your risks:

  • Never unnecessarily connect your NAS devices directly to the internet
  • Always enable automatic updates to keep firmware up to date
  • Use strong, unique passwords to secure your devices
  • Make frequent backups just in case.

Those are all good pieces of advice generally. If you make a habit of all four, you’ll be miles ahead of the game.

August 2, 2019 Filed Under: Blog Tagged With: Antivirus, NAS, Ransomware, security

Primary Sidebar

Contact Us



GET OUR BLOG IN YOUR EMAIL!

Archives

  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • August 2018

Tags

adobe android App Apple attack Attacks Breach Browser Chrome Dark Web Data Database Data Breach Email Facebook Firefox gmail Google Google Chrome government hacker Hackers information iOS iPhone malware Microsoft Microsoft edge Microsoft Windows 10 office 365 pandemic Password Passwords patch Phishing Phishing emails ransomeware Ransomware security Update Vulnerability Wifi Windows Windows 7 Windows 10

Footer

Contact Us

Address: 3091 University Drive, Unit 210, Bryan, Texas 77802
Phone: 979-217-1226

Our Blog

  • BazarBackdoor Uses Compressed Files To Deliver Malware July 24, 2021
  • Morgan Stanley Banking Hit By Data Breach July 23, 2021
  • Microsoft has Patches For PrintNightmare Bug July 22, 2021
  • Ransomware Attackers May Target Industrial Machines Soon July 21, 2021
  • Google Calendar Adds Virtual Meeting For Hybrid Office Workers July 20, 2021

Search

  • Home
  • About
  • Resources
  • Contact
  • Our Leadership
  • Why Choose Us?
  • IT Services
  • Request a Consultation

Copyright © 2023| All Rights Reserved | Powered By Technologous, LLC | Log in