Kaspersky
Question

Ech0raix malware

  • 25 February 2021

I have a Thecus N8800Pro v2 NAS that has been hit with a ransomware apparently called Ech0raix. I have searched widely for any information I can find about it and it seems very vague. The version of Ech0raix I’ve encountered is new where decryption tools available do not apply. Fortunately I have a backup and will not pay the ransom.

My question or dilemma is that I cannot find the source or know what to look for to ensure the malware is eradicated. I don't know if this ransomware is new enough that information is not available or if I’m missing something in my searches, and how can I be sure this will not begin encrypting again?

Here is what I know:

  1. the ransomware only encrypts doc, docx, xls, xlsx, pdf, and jpg type files.
  2. it has only (so far) encrypted my Linux based NAS, no PCs that I am aware of in our company have been hit and all are protected by KES 11.x
  3. KES registers all NAS files clean
  4. the ransomware leaves this file: README_FOR_DECRYPT.txtt which contains: All your data has been locked(crypted).
    How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/1PbAi22vam4Lt1e3gn4sSLiQbRetPX2KYK
    Use TOR browser for access .onion websites.
    https://duckduckgo.com/html?q=tor+browser+how+to

Any help with this topic is greatly appreciated!


3 replies

Same situation here. I am eagerly waiting for a solution from the Lab.

All your data has been locked(crypted).
How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/19DoK59UHkFt5uWDPCpRegiX2EgAXL5g1S
Use TOR browser for access .onion websites.
https://duckduckgo.com/html?q=tor+browser+how+to

I'll join the list of those affected. We are eagerly waiting for a solution.
