Source: The Hacker News (THN:40AE22528F131AED7138DA4C8094DA9C)
Published: Apr 23, 2021 - 2:43 p.m.

New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It!

thehackernews.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A new ransomware strain called “Qlocker” is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives.

First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key.

In response to the ongoing attacks, the Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks.

“QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS,” the company said. “The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks.”

Patches for the three apps were released by QNAP over the last week. CVE-2020-36195 concerns an SQL injection vulnerability in QNAP NAS running Multimedia Console or Media Streaming Add-on, successful exploitation of which could result in information disclosure. On the other hand, CVE-2021-28799 relates to an improper authorization vulnerability affecting QNAP NAS running HBS 3 Hybrid Backup Sync that could be exploited by an attacker to log in to a device.

But it appears that Qlocker is not the only strain being used to encrypt NAS devices: threat actors are also deploying another ransomware named “eCh0raix” to lock sensitive data. Since its debut in July 2019, the eCh0raix gang has been known for going after QNAP storage appliances by leveraging known vulnerabilities or carrying out brute-force attacks.

QNAP is also urging users to install the latest version of Malware Remover and perform a scan as a safety measure while it actively works on a solution to remove the malware from infected devices.

“Users are advised to modify the default network port 8080 for accessing the NAS operating interface,” the company recommended, adding “the data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security.”
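Because Qlocker, as described above, replaces files with 7zip archives, a quick triage step on a share or a backup copy is to look for directories where almost every file now starts with the 7z file signature. The sketch below is an added example, not QNAP tooling or code from the article; the thresholds and the sample tree are assumptions, and a match only shows that files are 7z archives, not that they are password-protected, so folders that legitimately hold archives will also be listed.

```python
import os
import tempfile
from collections import defaultdict

SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 6-byte signature at offset 0 of a 7z archive

def is_7z(path):
    """True if the file starts with the 7z signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(6) == SEVEN_ZIP_MAGIC
    except OSError:
        return False  # unreadable files are not counted as archives

def sweep(root, min_files=5, ratio=0.8):
    """Return {directory: (archives, total)} for directories that look converted.

    min_files and ratio are assumed triage thresholds; tune them per share.
    """
    counts = defaultdict(lambda: [0, 0])
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the share
            counts[dirpath][1] += 1
            counts[dirpath][0] += is_7z(full)
    return {d: (a, t) for d, (a, t) in counts.items()
            if t >= min_files and a / t >= ratio}

def build_sample(root):
    """Constructed sample tree: one normal folder, one fully converted folder."""
    fake_7z = SEVEN_ZIP_MAGIC + b"\0" * 26
    layout = {"photos": [b"\xff\xd8\xff\xe0jpeg"] * 5 + [fake_7z],
              "docs": [fake_7z] * 6}
    for sub, blobs in layout.items():
        os.makedirs(os.path.join(root, sub))
        for i, blob in enumerate(blobs):
            with open(os.path.join(root, sub, f"f{i}.bin"), "wb") as fh:
                fh.write(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, (archives, total) in sweep(tmp).items():
            print(f"{directory}: {archives}/{total} files are 7z archives")
```

Run it against a read-only mount or a backup copy rather than the live volume, and compare flagged directories with the last known-good backup before restoring.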
