Friday, April 23rd 2021
QNAP NAS Affected by Qlocker Ransomware, Company Advises Immediate Action to Secure Your Data
QNAP Systems, Inc. (QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users' data for ransom. QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP is urgently working on a solution to remove malware from infected devices.
QNAP has released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack. If user data is encrypted or being encrypted, the NAS must not be shut down. Users should run a malware scan with the latest Malware Remover version immediately, and then contact QNAP Technical Support at this page. For unaffected users, it's recommended to immediately install the latest Malware Remover version and run a malware scan as a precautionary measure. All users should update their passwords to stronger ones, and the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version. Additionally, users are advised to modify the default network port 8080 for accessing the NAS operating interface. Steps to perform the operation can be found in the information security best practice offered by QNAP (https://qnap.to/3daz2n). The data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security.
For details, please refer to the QNAP security advisory QSA-21-11 (this page) and QSA-21-13 (this page).
QNAP Product Security Incident Response Team (PSIRT) constantly monitors the latest intelligence to deliver up-to-date information and software updates, ensuring data security for users. Once again, QNAP urges users to take the above-mentioned actions and periodically check/install product software updates to keep their devices away from malicious influences. QNAP also provides the best practice for improving personal and organizational information security. By working together to fight against cybersecurity threats, we make the Internet a safer place for everyone.
17 Comments on QNAP NAS Affected by Qlocker Ransomware, Company Advises Immediate Action to Secure Your Data
pirated movie DATA storage, sharing with friends and neighbors maybe? But this reads as if the malware was pre-installed and shipped.
NAS won't let new admin account access certain shared folders even though access privileges have been set up to include new admin account.
NAS won't let new admin delete files remotely when accessed remotely from an Android device.
NAS won't let me cut/copy or paste data from NAS to my desktop with new admin account from within Windows unless I disable Windows ACL.
I've checked the user privileges loads of times and played around. I got shared folder access back but I still can't delete files if I'm using my tablet to access the NAS, and I got my cut/copy paste back by disabling ACL.
I've been told that the Windows ACL function/feature is bugged and from what I read on their forums, it has been bugged for a long time.
All the data I can't afford or don't want to lose/have compromised is air-gapped.
That being said, my next NAS will be *built*, not *bought*. In addition to this, QNAP's been slowly moving apps over to a micro-transaction model. They think they're being slick about it, but everyone who's paying attention knows what's up.
Link from 2019 and they still haven't fixed it:
www.bankinfosecurity.com/report-new-ransomware-targets-qnap-storage-devices-a-12774
"A new ransomware strain called eCh0raix is targeting enterprise storage devices sold by QNAP Network by exploiting vulnerabilities in the gear and bypassing weak credentials using brute-force techniques, according to the security firm Anomali." Article from July 11, 2019
[insert facepalm meme here]
Yeah, that's a bad idea, just like it sounds. Most ISPs provide it now actually. Even Verizon and Comcast do.
Reminds me of the bad old days of the first cable modems, your Network Neighborhood was literally your neighborhood. With everything having a public IP your Network Neighborhood would be the whole damn planet. How they thought that was a good idea, I'll never know.