Taiwanese networking and storage company QNAP is “strongly” urging its customers to patch their network-attached-storage (NAS) devices after two strains of ransomware ripped through systems and encrypted user data.

QNAP users should immediately install its latest malware remover and run a scan on NAS hardware, the company said in an alert published Thursday.

It also warned network operators not to shut down the NAS if user data is encrypted or in the process of being encrypted.

“The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks,” QNAP said.

The vendor is “urgently” working on a way to scrub malware from devices that have already been infected. It recommends contacting QNAP technical support if a company discovers ransomware on its systems.

A ransomware campaign targeting QNAP devices worldwide with the Qlocker malware began on 19 April. It used 7-zip files to move files stored on QNAP devices into a password-protected archive, demanding 0.01 bitcoins (approximately $500) to receive the password to decrypt the data.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

A separate campaign using the eCh0raix ransomware has been targeting QNAP storage devices since 2019 with varying levels of intensity.

The ransomware campaigns are exploiting two critical vulnerabilities in QNAP systems that were patched earlier this month: CVE-2020-36195 and CVE-2021-28799. Customers should also patch a third vulnerability, CVE-2020-2509, although it was not cited as an attack vector in the ransomware spree.

QNAP also offered some evergreen security advice – back up data regularly, run regular scans and use strong passwords.

Last month QNAP NAS users started reporting that hackers were being targeted with brute-force attacks, a type of attack in which threat actors run software to try millions of password combinations for an account.