Security Experts:

Files on QNAP NAS Devices Encrypted in Qlocker Ransomware Attacks

Following a wave of ransomware attacks, network-attached storage (NAS) appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices.

The Taiwanese company, which makes both NAS and professional network video recorder (NVR) solutions, has long been urging users to improve the security of their devices.

With QNAP NAS devices being targeted by ransomware families known as Qlocker and eCh0raix, the company is now advising users to download and install the latest Malware Remover version and scan their devices for any sign of infection.

The NAS manufacturer has updated the Malware Remover tool for platforms such as QTS and QuTS hero “to address the ransomware attack,” and tells users they should leave their NAS devices up and running if data on them has been encrypted.

Even unaffected users should run the latest Malware Remover version, as a precautionary measure. Users should also “modify the default network port 8080 for accessing the NAS operating interface,” QNAP says.

Furthermore, the company recommends updating the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to the latest versions.

The HBS 3 Hybrid Backup Sync application was updated on Thursday to address an improper authorization vulnerability. Tracked as CVE-2021-28799 and considered critical severity, the flaw can be abused by remote attackers to log into QNAP NAS devices.

Bleeping Computer reported that CVE-2021-28799 and CVE-2020-36195, a vulnerability that was patched last week, have been exploited in the Qlocker attacks.

Related: Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices

Related: Unpatched RCE Flaws Affect Tens of Thousands of QNAP SOHO NAS Devices

Related: QNAP Warns NAS Users of 'dovecat' Malware Attacks

view counter