eCh0raix Ransomware

eCh0raix Ransomware Description

eCh0raix Ransomware has been found to take the traditional actions of ransomware threats to a new level by targeting QNAP Network Attached Storage (NAS) devices. The specific QNAP devices that eCh0raix Ransomware primarily targets are ones created by the QNAP Systems, Inc. company, a Taiwanese company that creates media storage devices.

The vulnerabilities found within specific QNAP NAS systems are sought after by eCh0raix Ransomware where many of the files are encrypted due to loading of a malicious payload. Moreover, eCh0raix Ransomware is suspected to be associated with the QNAPCrypt Ransomware threat, which appears to perform some of the same functions of attacking a QNAP NAS.

Written in the Go programming language, eCh0raix Ransomware is a rather simple source code that has under 400 lines. However, the effectiveness of eCh0raix Ransomware has been proven as it encrypts files on an infected QNAP NAS just before displaying a ransom note that reads like the following:

All your data has been locked(crypted).
How to unclock(decrypt) instruction located in this TOR website: http://sg3dwqfpnr4sl5hh.onion/order/[Bitcoin address]
Use TOR browser for access .onion websites.
https://duckduckgo.com/html?q=tor+browser+how+to

Do NOT remove this file and NOT remove last line in this file!
[base64 encoded encrypted data]

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.