Multiple devices from QNAP, a Taiwanese company specializing in NAS storage, have been affected by 2 types of ransomware, called Qlocker and eCh0raix, aimed at encrypting their NAS devices for ransom.
Cybercriminals base themselves on compressing all the files hosted on these devices, in a 7-zip file, which is encrypted. In this way, they ask us for a code where you have to pay between 400 and 500 euros in bitcoins to obtain it.
To do this, they save a text file where they notify us that our files have been encrypted and that, to recover them, you have to make a Bitcoin transaction, through a Tor website (an anonymous network).
This arises because our NAS servers are not up to date and are very vulnerable. Hackers take advantage of this “opportunity” to get hold of all our information. On the other hand, QNAP has sent an official statement, telling us that attackers are possibly using the vulnerability known as VE-2020-36195.
In turn, they recommend us to have all the updated drivers and the importance of having a good antivirus. It is not enough to update after the attack since we would not recover our files.
For this reason, at wpkraken, we always recommend to our clients the importance of keeping all updates up to date, as well as guaranteeing security with our managed antivirus.
In addition, at wpkraken we have recently launched a new service to train and educate employees, to know how to act in the face of a cyber attack. Cyber attacks are the order of the day and one of the main tools we have to stop them is knowing how to detect them in time. Users through various modules and simulations are able to detect these attacks in time.
If you need information about how to keep your devices safe.
Do not hesitate to contact us.
