QNAP Warns of Ransomware Targeting NAS Devices Exposed to the Internet

QNAP today warned its customers to immediately secure Network Attached Storage (NAS) devices exposed to the Internet from ongoing ransomware and brute force attacks.

“QNAP urges all QNAP NAS users to follow the security configuration instructions below to ensure the security of QNAP network devices,” the Taiwanese NAS maker said in a press release issued today.

The company warned users to check if their NAS is accessible over the Internet by opening the Security Counselor, an integrated security portal for QNAP NAS devices.

“Your NAS is exposed to the Internet and at high risk if it displays ‘The system administration service can be directly accessible from an external IP address via the following protocols: HTTP’ on the dashboard. “

QNAP advises customers who have NAS devices exposed to Internet access to take the following steps to defend against attacks:

  • Disable the router’s port forwarding feature: Go to the management interface of your router, check the Virtual Server, NAT or Port Forwarding settings and disable the port forwarding setting of the NAS management service port (port 8080 and 433 by default).
  • Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud in the QTS menu, click on “Automatic router configuration” and deselect “Enable UPnP port forwarding”.

The NAS manufacturer also provides detailed step-by-step procedures on how to disable SSH and Telnet connections and change the system port number, change device passwords, and enable access protection. IP and account.

QNAP Security Advisor
Image: QNAP

The warning follows a wave of ransomware attacks

Although the company has not shared any further details about these active attacks, BleepingComputer reported that QNAP customers have reported that their systems are targeted by the eCh0raix ransomware (also known as QNAPCrypt).

These incidents follow an increase in activity just before Christmas and use an unknown attack vector.

However, some of the user reports seen by BleepingComputers associate successful ransomware attacks with poorly secured devices exposed to the Internet. Others also claimed that attackers exploited an unspecified vulnerability in QNAP Photo Station.

BleepingComputer has seen ech0raix ransom demands ranging from $ 1,200 to $ 3,000 in bitcoin during these recent attacks. Some of them were paid because the victims did not have a backup of the encrypted files

QNAP devices were previously targeted by malicious actors using eCh0raix ransomware in June 2019 and June 2020, with the NAS maker also alerting users to another round of yet another wave of eCh0raix attacks targeting devices with words from weak pass in May 2021.

Source link