I have a Thecus N8800Pro v2 NAS that has been hit with a ransomware apparently called Ech0raix. I have searched widely for any information I can find about it and it seems very vague. The version of Ech0raix I’ve encountered is new where decryption tools available do not apply. Fortunately I have a backup and will not pay the ransom. My question or dilemma is I cannot find the source or know what to look for to ensure the malware is eradicated. I don't know if this ransomware is new enough that information is not available or I’m missing something in my searches and how can I be sure this will not begin encrypting again? Here is what I know: the ransomware only encrypts doc, docx, xls, xlsx, pdf, and jpg type files.it has only (so far) encrypted my Linux based NAS, no PC’s that I am aware of in our company have been hit and all are protected by KES 11.x KES registers all NAS files clean the ransomware leaves this file: README_FOR_DECRYPT.txtt which contains: All your data has been locked(crypted). How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/1PbAi22vam4Lt1e3gn4sSLiQbRetPX2KYK Use TOR browser for access .onion websites. https://duckduckgo.com/html?q=tor+browser+how+toAny help with this topic is greatly appreciated!
