Another Ransomware attack on Legacy NAS
Qnap warns of eChoraix ransomware attack

QNAP warns customers that Roon Server zero-day vulnerabilities and eCh0raix ransomware attacks against their network-attached storage (NAS) devices are being actively exploited.


This warning was issued only two weeks after QNAP users received alerts about the ongoing AgeLocker ransomware outbreak.
The Taiwanese NAS device manufacturer stated that it has received reports of devices affected by the eCh0raix ransomware in a security bulletin issued today.


Although QNAP did not mention how many reports it has received from users directly affected by the eCh0raix ransomware in the past few weeks, there has been an increase in BleepingComputer attack reports.


Today, although QNAP has not established a direct connection with the eCh0raix attack, it also warns that some people are actively using the zero-day vulnerability to affect Roon Labs' Roon Server 2021-02-01 and earlier versions.
The company recommends disabling the Roon Server music server, and before Roon Labs provides security updates, do not expose NAS to the Internet to protect them from these active attacks.

QNAP devices were previously targeted by eCh0raix ransomware in June 2019 and June 2020. Beginning in mid-April, a large-scale Qlocker ransomware campaign also attacked QNAP devices. Threat participants behind the attack used a 7zip archive program to remotely encrypt data, earning $260,000 in just five days. In addition, QNAP (Q​​NAP) deleted a backdoor account caused by hard-coded credentials in the HBS 3 Hybrid Backup Sync backup and disaster recovery application. It was later confirmed that the Qlocker ransomware operator used deleted backdoor accounts to hack into the NAS devices of some QNAP customers and encrypt their files. As mentioned at the beginning, AgeLocker ransomware also attacked QNAP customers two weeks ago, and in another attack against publicly exposed NAS devices that used the vulnerable version of the Photo Station during September 2020.

Amber provides a different kind of solution, that cannot be attacked in the same way, the permissions and the ways to access the storage itself are behind an additional level of security, login in the device from an external network won't let the user access to the data, while a controlled access from the local network will be authenticated by the cloud account pairing.

The access to the Applications from the internet with Amber Anywhere don't require any port forwarding or configuration of the router, increasing by a lot the safety of the device even for non-tech users.

The security and safety of the Data stored by our users is our top priority and every aspect of the device is developed with that in mind.

4 Simple Ways You Can Protect Your Privacy Online