ech0raix
Two days ago, my Zyxel NAS326 was attack and all files are encrypted with ech0raix ransomware. Do you have any idea if there is a decryptor?
Best Answers
-
Search link: https://www.google.no/search?q=ech0raix+ransomware&newwindow=1
I was initially going to suggest a few more links to pages where someone posted decryptor tools, but they ended up being either "page not found" or targeting router systems like QNAP or other.
Not sure if people following this forum branch are familiar with this ransomware, but I am going to wish you all the best of luck anyway.
0 -
I have same issues.Happend on 04.06.2024.I am also searching for a solution.How much is the hacker asking to decrypt?
0 -
My nas also was encrypted between 9-11/06/2024. Due to the new version of ech0raix (it creates txtt files with message about pay for decrypt). From my research, there is no way to decrypt file alone.
1 -
I'm disappointed that Zyxel doesn't have any viable solutions, as does Europol and others.
The problem with strong encryption is that it is, well, strong encryption. As long as no implementation errors are made, it is not possible to decrypt without having the decryption key. And that key is not stored on your NAS.
I think ZyXEL has tried to stop it from the other side. When I look at the release notes of the last firmware update of the 326 (from May 10 2024), I see
[SI-1545][Issue 3-2] Privilege escalation vulnerability 2
[SI-1545][Issue 4] Remote code execution vulnerability
[SI-1545][Issue 5] Arbitrary file upload and remote code execution vulnerability
[SI-1545][Issue 6] Unauthenticated backdoor vulnerability
[SI-1545][Issue 7] Weak password generation for privileged user vulnerabilityThe looks like closing backdoor(s) which malware uses to come in. Unfortunately that SI-1545 seems to be an internal code. Google doesn't know where it refers to.
1 -
The same amount are asking also from me. I opened TOR and wrote on chat but no answer from them.
1 -
Is still Zyxel no 1 in security?
I have the same issues. Happened 5 days again.
Regards from Romania
1 -
Same issue. Same date. All my photos encrypted. 90% restored from backup. Contacted with them on chat but dont want to lower the price
0 -
I've joined the club, NAS542, June 10-12, ransom is also 0.019 BTC. Given the same issues were discussed a few years ago among QNAP and Synology users, the case doesn't look very promising - allegedly, unless we're lucky to be encrypted by an old version (prior to June 2019), they haven't found any mistakes in the encryption. The only option seems to be to recover from backups. If your ransom note has a ".txtt" extension, that is the newer version. If you want to try luck with the old decryptor (don't delete the original encrypted files if you plan to wait for a potential decryptor in the future), search for a post by the user BloodDolly (link).
0 -
Just to check, what firmware version was everyone on when it happened? My NAS542 was ABAG.13 when it got attacked.
0 -
same
0
All Replies
-
Search link: https://www.google.no/search?q=ech0raix+ransomware&newwindow=1
I was initially going to suggest a few more links to pages where someone posted decryptor tools, but they ended up being either "page not found" or targeting router systems like QNAP or other.
Not sure if people following this forum branch are familiar with this ransomware, but I am going to wish you all the best of luck anyway.
0 -
I read a lot of information about this ransomware, I found only one decryptor and I will try it, but I'm not sure if it works 100%. I hope that Zyxel users have more information.
0 -
I have same issues.Happend on 04.06.2024.I am also searching for a solution.How much is the hacker asking to decrypt?
0 -
My nas also was encrypted between 9-11/06/2024. Due to the new version of ech0raix (it creates txtt files with message about pay for decrypt). From my research, there is no way to decrypt file alone.
1 -
0,019 BTC. I tried to negotiate but no chance
0 -
Same to me. Unfortunately, at the moment I don't have money for the redemption, I will try to collect them and maybe I will be able to pay later. I'm disappointed that Zyxel doesn't have any viable solutions, as does Europol and others.
1 -
I'm disappointed that Zyxel doesn't have any viable solutions, as does Europol and others.
The problem with strong encryption is that it is, well, strong encryption. As long as no implementation errors are made, it is not possible to decrypt without having the decryption key. And that key is not stored on your NAS.
I think ZyXEL has tried to stop it from the other side. When I look at the release notes of the last firmware update of the 326 (from May 10 2024), I see
[SI-1545][Issue 3-2] Privilege escalation vulnerability 2
[SI-1545][Issue 4] Remote code execution vulnerability
[SI-1545][Issue 5] Arbitrary file upload and remote code execution vulnerability
[SI-1545][Issue 6] Unauthenticated backdoor vulnerability
[SI-1545][Issue 7] Weak password generation for privileged user vulnerabilityThe looks like closing backdoor(s) which malware uses to come in. Unfortunately that SI-1545 seems to be an internal code. Google doesn't know where it refers to.
1 -
The same amount are asking also from me. I opened TOR and wrote on chat but no answer from them.
1 -
Is still Zyxel no 1 in security?
I have the same issues. Happened 5 days again.
Regards from Romania
1 -
Same issue. Same date. All my photos encrypted. 90% restored from backup. Contacted with them on chat but dont want to lower the price
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 95 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 385 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 72 Security Highlight