A new ransomware family has been found. It has been discovered by researchers at two separate security firms, Anomail and Intezer.
The new strain has been dubbed “QNAPCrypt” by Intezer and eCh0raix” by Anomail and is written in the Go programming language. When it encrypts files, it changes the file extension to “.encrypt” via AES encryption.
Besides the fact that it was written in Go, what makes it even more unique is that it primarily targets Linux-based NAS (Network Attached Storage) devices made by a specific company. It only seems to impact devices made by Taiwan-based QNAP Systems.
The devices targeted have been found to not have any antivirus programs on them. Even if antivirus software is running, there are not many products currently able to detect the malware strain. By the time you know it’s there, it’s too late.
On the positive side, like most ransomware, after it encrypts your files it demands payment via Bitcoin to un-encrypt them. Because of the way the malware authors coded it, if there are no Bitcoin wallet addresses available, then the encryption step never occurs.
Researches from both companies provided some advice to help minimize your risks:
- Make frequent backups.
- Never unnecessarily connect your NAS devices directly to the internet.
- Always enable automatic updates to keep firmware up to date.
- Use strong, unique passwords to secure your devices.
Planning for an attack now can really save you time and money in the long run. Read more about the new ransomware here.