Unit 42 researchers have discovered a new variant of eCh0raix ransomware targeting Synology network-attached storage (NAS) and Quality Network Appliance Provider (QNAP) NAS devices. Attackers are also leveraging CVE-2021-28799 to deliver the new eCh0raix ransomware variant to QNAP devices.

While eCh0raix is known ransomware that has historically targeted QNAP and Synology NAS devices in separate campaigns, this new variant is the first time we've seen it combining functionality to target both QNAP and Synology NAS devices, demonstrating that some ransomware developers are continuing to invest in optimizing the tools used to target devices common in the small office and home office (SOHO).

We're regularly seeing attacks with the eCh0raix ransomware variant, which has been active in the wild for nearly a year. As recently as June, victims have reported paying a modest ransom.

We're releasing our findings about this new variant of eCh0raix to raise awareness of the ongoing threats to the SOHO and small business sectors. Coverage of the ransomware crisis tends to focus on threats to large enterprises and government agencies, which are facing increasingly aggressive and disruptive ransomware attacks. However, the SOHO and small business sectors can contain a large attack surface for threat actors – for example, some 250,000 QNAP and Synology NAS devices are exposed to the public internet, according to data from the Cortex Xpanse platform.

SOHO users are attractive to ransomware operators looking to attack bigger targets because attackers can potentially use SOHO NAS devices as a stepping stone in supply chain attacks on large enterprises that can generate huge ransoms. Additionally, SOHO users typically do not employ dedicated IT or security professionals, which makes them less prepared to block ransomware attacks than larger organizations.

We recommend the following best practices for protecting home offices from ransomware attacks:

- Update device firmware to keep attacks of this nature at bay. Details about updating QNAP NAS devices against CVE-2021-28799 can be found on the QNAP website.
- Create complex login passwords to make brute-forcing more difficult for attackers.
- Limit connections to SOHO connected devices from only a hard-coded list of recognized IPs to prevent network attacks that are used to deliver ransomware to devices.

Palo Alto Networks customers are protected against eCh0raix and CVE-2021-28799 with Next-Generation Firewalls with Threat Prevention, WildFire and Advanced URL Filtering security subscriptions, Cortex Xpanse and AutoFocus.

On April 22, QNAP released a security advisory to disclose a vulnerability within their Hybrid Backup Sync (HBS 3) software. This software provides backup, restoration and synchronization functions between local, remote and cloud storage spaces. The vulnerability has been confirmed as an improper authorization vulnerability.