The QNAPCrypt ransomware is a direct evolution of the eCh0raix ransomware. eCh0raix became known for targeting attacks on QNAP and Synology NAS devices. After numerous successful attacks the group ceased attacks and later appeared as QNAPCrypt.
Unlike eCh0raix, QNAPCrypt has focused its attention exclusively on QNAP NAS, as its name already alludes to. For the vast majority of the time the most sensitive data for businesses is stored on these devices.
This shows that the group’s attacks are not random and not focused on ordinary users but on specific companies that have a large flow of information.
The group exploits known vulnerabilities in QNAP such as CVE-2021-28799, even though the update to fix this vulnerability has already been released, some companies do not pay attention to it and continue with their outdated systems.
The prices charged by QNAPCrypt vary according to the size of the company attacked and the amount of files encrypted. The amount charged for the release of the decryption key, must be done in cryptocurrency, usually Bitcoin.
Cryptocurrencies are the primary means of receiving ransom payments because they are virtually untraceable.
Encrypted files are given a new extension to their name, “.encrypt” is added, these files will be more available to the user.
After the encryption has been completed, the ransomware locks the system and presents a ransom note named ‘README_FOR_DECRYPT.txt’, in which it contains the necessary information for the victim to contact the group.
Digital Recovery specialises in recovering data encrypted by ransomware, and also specialises in NAS system. Which makes us perfect for recovering data encrypted by QNAPCrypt ransomware.
With over 20 years in the market, we specialise in recovering NAS, DAS and SAN Storages and any RAID level.
We have exclusive processes, and all of them were developed based on GDPR (General Data Protection Regulation). The entire process is completely confidential, and we guarantee this through the Confidentiality Agreement (NDA).
We have in our portfolio the remote recovery, it can be done from anywhere in the world and any storage device.
Contact our experts and start the recovery right now.