New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It!

2021-04-23T14:43:00
ID THN:40AE22528F131AED7138DA4C8094DA9C
Type thn
Reporter The Hacker News
Modified 2021-04-23T18:54:18

Description

A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives.

First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key.

In response to the ongoing attacks, the Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks.

password auditor

"QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS," the company said. "The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks."

Patches for the three apps were released by QNAP over the last week. CVE-2020-36195 concerns an SQL injection vulnerability in QNAP NAS running Multimedia Console or Media Streaming Add-on, successful exploitation of which could result in information disclosure. On the other hand, CVE-2021-28799 relates to an improper authorization vulnerability affecting QNAP NAS running HBS 3 Hybrid Backup Sync that could be exploited by an attacker to log in to a device.

But it appears that Qlocker is not the only strain that's being used to encrypt NAS devices, what with threat actors deploying another ransomware named "eCh0raix" to lock sensitive data. Since its debut in July 2019, the eCh0raix gang is known for going after QNAP storage appliances by leveraging known vulnerabilities or carrying out brute-force attacks.

password auditor

QNAP is also urging users to the latest version of Malware Remover to perform a scan as a safety measure while it's actively working on a solution to remove malware from infected devices.

"Users are advised to modify the default network port 8080 for accessing the NAS operating interface," the company recommended, adding "the data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security."

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.