Free decryptor for eCh0raix ransomware released

• The current version of the decryptor works for only victims who were infected before July 17, 2019.
• This decryptor will help victims recover their encrypted files on their QNAP NAS devices for free.

What’s the matter?

Security researcher BloodDolly has released a decryption tool for the eCh0raix ransomware. This decryptor will help victims recover their encrypted files on their QNAP NAS devices for free.

What is eCh0raix?

eCh0raix, also known as QNAPCrypt, is a ransomware that targets QNAP Network Attached Storage (NAS) devices used for backups and file storage. The QNAP NAP devices are compromised by brute-forcing weak credentials and exploiting known vulnerabilities. Upon encryption, the ransomware will append the .encrypt extension to the encrypted file's name.

Worth noting

The current version of the decryptor works for only victims who were infected before July 17, 2019. It does not work for newer versions of the ransomware. The newer versions will have 173 characters long key at the end of the ransom note. The security researcher is working on creating a decryptor for the newer versions.

How does the decryptor work?

• If you’re a victim of Ech0raix ransomware, then download the Ech0raixDecoder.exe program and save it on your computer.
• Once downloaded, extract the files and read the enclosed README.txt file to learn how to use the program.
• Once started, the program will ask you to select an encrypted file and the same file in its unencrypted form.
• If you do not have an encrypted/unencrypted pair, use the sample pictures found in the C:\Users\Public\Pictures\Sample Pictures folder.
• If this is not possible, then you can use the decryptor to brute force the password from an encrypted file, however, this process might take a longer time to finish.
• Once the decryption key has been found, you can add it to the decryptor and use it to decrypt the encrypted files.