Active ransomware operator
Ech0Raix
0 victims indexed · last activity 3 years ago
At a glance
- Status: active
- First seen: —
- Last activity: 3 years ago
- Onion sites: 2 known endpoints
About
References
14 links. External sources curated by the MISP threat-intel community.
- bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/
- anomali.com/blog/the-ech0raix-ransomware
- blog.netlab.360.com/qnap-nas-users-make-sure-you-check-your-system/
- documents.trendmicro.com/assets/pdf/wp-backing-your-backup-defending-nas-devices-against-evolving-threats.pdf
- intezer.com/blog/linux/elf-malware-analysis-101-linux-threats-no-longer-an-afterthought
- unit42.paloaltonetworks.com/ech0raix-ransomware-soho/
- bleepingcomputer.com/news/security/qnap-warns-of-ech0raix-ransomware-attacks-roon-server-zero-day/
- ibm.com/downloads/cas/Z81AVOY7
- intezer.com/blog-russian-cybercrime-group-fullofdeep-behind-qnapcrypt-ransomware-campaigns/
- intezer.com/blog-seizing-15-active-ransomware-campaigns-targeting-linux-file-storage-servers/
- intezer.com/blog/malware-analysis/when-viruses-mutate-did-suncrypt-ransomware-evolve-from-qnapcrypt
- qnap.com/en/security-advisory/QSA-20-02
- vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf
- ransomlook.io/group/ech0raix
Onion infrastructure
2 known
- http://7zvu7njrx7q734kvk435ntuf37gfll2pu46fmrfoweczwpk2rhp444yd.onion
- http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion
Source
Updated 3 years ago.
Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
