Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Files on QNAP NAS Devices Encrypted in Qlocker Ransomware Attacks

Following a wave of ransomware attacks, network-attached storage (NAS) appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices.

Following a wave of ransomware attacks, network-attached storage (NAS) appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices.

The Taiwanese company, which makes both NAS and professional network video recorder (NVR) solutions, has long been urging users to improve the security of their devices.

With QNAP NAS devices being targeted by ransomware families known as Qlocker and eCh0raix, the company is now advising users to download and install the latest Malware Remover version and scan their devices for any sign of infection.

The NAS manufacturer has updated the Malware Remover tool for platforms such as QTS and QuTS hero “to address the ransomware attack,” and tells users they should leave their NAS devices up and running if data on them has been encrypted.

Even unaffected users should run the latest Malware Remover version, as a precautionary measure. Users should also “modify the default network port 8080 for accessing the NAS operating interface,” QNAP says.

Furthermore, the company recommends updating the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to the latest versions.

The HBS 3 Hybrid Backup Sync application was updated on Thursday to address an improper authorization vulnerability. Tracked as CVE-2021-28799 and considered critical severity, the flaw can be abused by remote attackers to log into QNAP NAS devices.

Bleeping Computer reported that CVE-2021-28799 and CVE-2020-36195, a vulnerability that was patched last week, have been exploited in the Qlocker attacks.

Related: Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices

Related: Unpatched RCE Flaws Affect Tens of Thousands of QNAP SOHO NAS Devices

Related: QNAP Warns NAS Users of ‘dovecat’ Malware Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.