April 23, 2021

Use QNAP network attached storage? Patch now to prevent ransomware spree

By Robert Scammell

Taiwanese networking and storage company QNAP is “strongly” urging its customers to patch their network-attached-storage (NAS) devices after two strains of ransomware ripped through systems and encrypted user data.

QNAP users should immediately install its latest malware remover and run a scan on NAS hardware, the company said in an alert published Thursday.

It also warned network operators not to shut down the NAS if user data is encrypted or in the process of being encrypted.

“The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks,” QNAP said.

The vendor is “urgently” working on a way to scrub malware from devices that have already been infected. It recommends contacting QNAP technical support if a company discovers ransomware on its systems.

A ransomware campaign targeting QNAP devices worldwide with the Qlocker malware began on 19 April. It used 7-zip files to move files stored on QNAP devices into a password-protected archive, demanding 0.01 bitcoins (approximately $500) to receive the password to decrypt the data.

A separate campaign using the eCh0raix ransomware has been targeting QNAP storage devices since 2019 with varying levels of intensity.

The ransomware campaigns are exploiting two critical vulnerabilities in QNAP systems that were patched earlier this month: CVE-2020-36195 and CVE-2021-28799. Customers should also patch a third vulnerability, CVE-2020-2509, although it was not cited as an attack vector in the ransomware spree.

QNAP also offered some evergreen security advice – back up data regularly, run regular scans and use strong passwords.

Last month QNAP NAS users started reporting that hackers were being targeted with brute-force attacks, a type of attack in which threat actors run software to try millions of password combinations for an account.