The operators of the eCh0raix ransomware have launched another wave of attacks against QNAP network-attached storage (NAS) devices.
The eCh0raix gang has been active since June 2019, when they first deployed a first version of their ransomware. Despite having its initial ransomware version decrypted, the group has never disappeared, deploying a newer version that security researchers couldn’t crack.
The group’s activity has slowed down since last summer, primarily because of competition from rival ransomware gangs targeting QNAP NAS devices, such as the Muhstik and the QSnatch groups, but also from IoT botnet operators.
However, the group has recently come back to life, and this new surge in activity can be attributed to the recent publication of a security report detailing three critical vulnerabilities impacting QNAP devices.