Malware

QNAPCrypt

aka eCh0raix

The QNAPCrypt ransomware works like other ransomware: it encrypts all files and delivers a ransom note.

QNAPCrypt, also known as eCh0raix, is a Linux malware family.

Background

QNAPCrypt operates much like other ransomware, encrypting all files and leaving behind a ransom note, but it differs in a few notable ways:

  1. The ransom note is delivered only as a text file, with nothing shown on screen—understandably, since the target is a server rather than an endpoint.

  2. Each victim receives its own distinct Bitcoin wallet, which may help the operators stay untraceable.

  3. After compromising a host, the malware requests a wallet address and a public RSA key from its command and control server (C&C) before it starts encrypting files.


Source: Malpedia (Fraunhofer FKIE).