QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks

QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices.

QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability.

The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords.

“The eCh0raix ransomware has been reported to affect QNAP NAS devices. Devices using weak passwords may be susceptible to attack.” reads the advisory published by the vendor. “We strongly recommend users act immediately to protect their data.”

The company recommends customers to perform the following actions:

1. Use stronger passwords for your administrator accounts.
2. Enable IP Access Protection to protect accounts from brute force attacks.
3. Avoid using default port numbers 443 and 8080.

Independent experts observed a surge in eCh0raix ransomware infection reports between April 19 and April 26.

In the same period, the vendor also warned its users of an ongoing AgeLocker ransomware outbreak.

Unfortunately, the bad news for NAS owners are not ended, the vendor also issued another security advisory to warn of an actively exploited zero-day vulnerability affecting Roon Labs’ Roon Server 2021-02-01 and earlier versions.

“The QNAP security team has detected an attack campaign in the wild related to a vulnerability in Roon Server. QNAP NAS running the following versions of Roon Server may be susceptible to attack: Roon Server 2021-02-01 and earlier.

“We have already notified Roon Labs of the issue and are thoroughly investigating the case. We will release security updates and provide further information as soon as possible.” reads the advisory.”

QNAP recommends users not to expose their devices to the internet, it also recommends disabling Roon Server to prevent potential attacks.

Below the instruction to disable Roon Server NAS devices:

• Log on to QTS as administrator.Open the App Center and then click .
• A search box appears.Type “Roon Server” and then press ENTER.
• Roon Server appears in the search results.Click the arrow below the Roon Server icon.Select Stop.
• The application is disabled.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IoT)

[adrotate banner=”5″]

[adrotate banner=”13″]