I have a Thecus N8800Pro v2 NAS that has been hit with a ransomware apparently called Ech0raix. I have searched widely for any information I can find about it and it seems very vague. The version of Ech0raix I’ve encountered is new where decryption tools available do not apply. Fortunately I have a backup and will not pay the ransom.
My question or dilemma is that I cannot find the source or know what to look for to ensure the malware is eradicated. I don't know if this ransomware is new enough that information is not available or if I’m missing something in my searches. How can I be sure this will not begin encrypting again?
Here is what I know:
The ransomware only encrypts doc, docx, xls, xlsx, pdf, and jpg type files.
It has only (so far) encrypted my Linux-based NAS; no PCs that I am aware of in our company have been hit, and all are protected by KES 11.x.
How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/1PbAi22vam4Lt1e3gn4sSLiQbRetPX2KYK
Use TOR browser for access .onion websites.
https://duckduckgo.com/html?q=tor+browser+how+to
Any help with this topic is greatly appreciated!