eCh0raix ransomware attacks and Roon Server zero-day bug
Reading Time: 2 minutes

Fear of being exploited by eCh0raix ransomware attacks and Roon Server zero-day bug targeting their Network Attached Storage devices lurks for QNAP customers. Two weeks ago QNAP alerted its users of an ongoing AgeLocker ransomware outbreak.

QNAP, Taiwan based NAS appliance maker received reports of devices impacted by eCh0raix ransomware in a security advisory published today.

The company said “The eCh0raix ransomware has been reported to affect QNAP NAS devices. Devices using weak passwords may be susceptible to attack.

QNAP has urged its customer to promptly act to the advisory to protect their data from potential eCh0raix attacks.

Users have been asked to

  • Implement stronger passwords for your administrator accounts.
  • Enable IP Access Protection to protect accounts from brute force attacks.
  • Avoiding using default port numbers 443 and 8080.

A security advisory has been published, where they are provided with step-by-step instructions to change their NAS password, enable IP Access Protection, and change the system port number.

It is not clear how many reports QNAP has received from users directly affected by eCh0raix ransomware in the last few weeks.
Exploited Roon Server zero-day

Apart from the threat of the eCh0raix attack, QNAP also warned about Roon Server’s zero-day vulnerability impacting Roon Labs’ Roon Server 2021-02-01 and earlier versions.

Users have been advised to disable the Roon Server music server and not expose the NAS on the Internet to protect it from these active attacks until Roon Labs provides a security update.

How to disable Roon Server on your NAS?

  • Log on to QTS as administrator.
  • Open the App Center and then click ​. A search box appears.
  • Type “Roon Server” and then press ENTER. Roon Server appears in the search results.
  • Click the arrow below the Roon Server icon.
  • Select Stop. The application is disabled.

Earlier on Thursday QNAP fixed a command injection vulnerability in the Malware Remover app. It allowed remote attackers to execute arbitrary commands on devices running vulnerable app versions.

Related Articles:

How to Protect Your Smart Home Devices From Hackers?
Passwordstate Enterprise Password Manager Warns users of ongoing phishing attacks by hackers
How to Protect Your Company’s Server From Ransomware Attacks