QNAP were recently in the news due to twin ransomware attacks that appear to be specifically targetting their NAS solutions. The Qlocker and eCh0raix ransomware variants both exploit recently patched vulnerabilities that break implicit security measures, leading to unwanted data encryption and extortion against the owners of the data. To nudge data administrators and consumers into action QNAP have released a statement directing users to make use of the Malware Remover tool and further best practice steps should an infection be uncovered.
QNAP have not expressly indicated vulnerable and safe hardware models. Rather than labour under a false sense of security, carrying out the below measures on those QNAP NAS you are running would be sensible.
QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP is urgently working on a solution to remove malware from infected devices.
QNAP has released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack. If user data is encrypted or being encrypted, the NAS must not be shut down. Users should run a malware scan with the latest Malware Remover version immediately, and then contact QNAP Technical Support at https://service.qnap.com/.
For unaffected users , it's recommended to immediately install the latest Malware Remover version and run a malware scan as a precautionary measure. All user should update their passwords to stronger ones, and the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version. Additionally, users are advised to modify the default network port 8080 for accessing the NAS operating interface. Steps to perform the operation can be found in the information security best practice offered by QNAP (https://qnap.to/3daz2n). The data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security.
QNAP has released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack. If user data is encrypted or being encrypted, the NAS must not be shut down. Users should run a malware scan with the latest Malware Remover version immediately, and then contact QNAP Technical Support at https://service.qnap.com/.
For unaffected users , it's recommended to immediately install the latest Malware Remover version and run a malware scan as a precautionary measure. All user should update their passwords to stronger ones, and the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version. Additionally, users are advised to modify the default network port 8080 for accessing the NAS operating interface. Steps to perform the operation can be found in the information security best practice offered by QNAP (https://qnap.to/3daz2n). The data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security.
The efforts by QNAP once again underline the importance of both a manufacturer who updates critical hardware and software regularly to meet ongoing security challenges, and system admins who keep their software and firmware up to date with frequent patches. Even in the event that it doesn't protect everyone at the tip of the spear, it at least significantly helps to protect those further down the food chain.
More details on the vulnerabilities exploited can be found at QNAP security advisories QSA-21-11 (https://qnap.to/3eq7hy) and QSA-21-13 (https://qnap.to/3dygse).
SOURCE: QNAP Advisory