vricosti/ech0raix_decryptor

ech0raix_decryptor

A decryption tool for NAS systems infected by the ech0raix ransomware (also known as QNAP encrypt).

Overview

If your NAS has been infected by ech0raix, you're likely in one of two situations:

1. 2019 Variant (Possibly Decryptable Without Payment)

Identification: Creates a file named README_FOR_DECRYPT.txt

Some developers have released brute-force decryptors for this older variant, making free decryption potentially possible.

2. Recent Variants (Payment Required)

Identification: Creates a file named README_FOR_DECRYPT.txtt (note the double 't')

Currently, there is no known free decryption method for these newer versions. We hope future research may provide solutions.
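
To tell which of the two situations applies, search the affected share for the two ransom-note filenames. The script below is an added example, not part of this repository; the function names and verdict labels are assumptions made for illustration.

```python
"""Triage a NAS share by ransom-note filename (added example, not project code)."""
import os
import sys
from collections import defaultdict

# Note filenames exactly as given in this README; the labels are illustrative.
NOTE_VARIANTS = {
    "README_FOR_DECRYPT.txt": "2019",
    "README_FOR_DECRYPT.txtt": "recent",
}


def find_notes(root):
    """Walk root (symlinks not followed); return ({variant: dirs}, unreadable)."""
    found = defaultdict(list)
    skipped = []  # directories that could not be read, reported rather than hidden
    for dirpath, _dirs, files in os.walk(
        root, followlinks=False, onerror=lambda e: skipped.append(e.filename)
    ):
        for name in files:
            variant = NOTE_VARIANTS.get(name)  # exact, case-sensitive match
            if variant:
                found[variant].append(dirpath)
    return {v: sorted(d) for v, d in found.items()}, skipped


def verdict(found):
    """Summarise as 'none', '2019', 'recent', or 'mixed' when both notes exist."""
    if not found:
        return "none"
    return next(iter(found)) if len(found) == 1 else "mixed"


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found, skipped = find_notes(root)
    print(f"verdict: {verdict(found)}")
    for variant, dirs in sorted(found.items()):
        print(f"  {variant}: {len(dirs)} directories, e.g. {dirs[0]}")
    for path in skipped:
        print(f"  unreadable, not scanned: {path}")
```

The scan only reads directory listings, so it is safe to run against a read-only mount or a copy of the share. A "mixed" verdict means both note names were found and each directory should be treated according to the note it contains.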

Using This Tool (For Those Who Have Paid)

If you've paid the ransom and received the official decryptor binaries but want to run a virus-free alternative, follow these steps:

Step 1: Extract the Decryption Key

  1. Download the free version of IDA Disassembler
  2. Open the official decryptor binary in IDA
  3. Navigate to the main_main function
  4. Locate and extract the embedded key as shown below:

[Screenshot: IDA key extraction]

Step 2: Test Before Full Decryption

⚠️ Important: Always test on a single folder first without deleting the encrypted files to verify the decryption works correctly.

Disclaimer

This tool is provided as-is for educational and recovery purposes. Always maintain backups and exercise caution when dealing with ransomware-infected systems.

Contributing

Contributions, issues, and feature requests are welcome. If you've found a working method for newer variants, please share your findings.

License

[Add your license information here]


Note: This project is not affiliated with or endorsed by the ransomware operators. It exists solely to help victims recover their data safely.