Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.

“While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the two ransomware to the same author,” Intezer Lab researcher Joakim Kennedy said in a malware analysis published today revealing the attackers’ tactics on the dark web.

First identified in July 2019, QNAPCrypt (or eCh0raix) is a ransomware family that was found to target Network Attached Storage (NAS) devices from Taiwanese companies QNAP Systems and Synology. The devices were compromised by brute-forcing weak credentials and exploiting known vulnerabilities with the goal of encrypting files found in the system.

The ransomware has since been tracked to a Russian cybercrime group referred to as “FullOfDeep,” with Intezer shutting down as many as 15 ransomware campaigns using the QNAPCrypt variant with denial of service attacks targeting a list of static bitcoin wallets that were created…
