QNAP detects a large number of ransomware attacks

by do son · Published · Updated

QNAP ransomware attacks
QNAP, a maker of network-attached storage devices (NAS), has issued an alert saying the company has detected a large number of ransomware attacks. These cyberattacks are not currently blamed on specific or known hacker groups, and the attack methods are quite common, exploiting known vulnerabilities or brute force. According to QNAP, these attackers indiscriminately target any QNAP’s devices exposed on the public Internet. As a security suggestion, QNAP recommends users not expose the NAS to the public network.

Your NAS is exposed to the Internet and at high risk if there shows ‘The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP’ on the dashboard.

QNAP is currently unable to confirm the source of the attack, but QNAP said that if the device is compromised, ransomware may be installed to encrypt all user data. The attack methods are divided into brute force attack and exploiting flaws, in which brute force attack is to use scripts and password dictionaries to continuously try to test the passwords used by users.

Attackers target the devices and try to launch an attack using a vulnerability that has already been disclosed. If the user does not update the firmware in time, it may be infected.
For this reason, QNAP recommends that users upgrade the device firmware immediately and disconnect the public network connection. In theory, just disconnecting the public network connection can successfully solve most of the attacks. Of course, the most important thing is to upgrade the system firmware in time.

If your NAS is exposed to the Internet, please follow the instructions below to ensure NAS security:

Step 1: Disable the Port Forwarding function of the router

Go to the management interface of your router, check the Virtual Server, NAT or Port Forwarding settings, and disable the port forwarding setting of NAS management service port (port 8080 and 433 by default).

Step 2: Disable the UPnP function of the QNAP NAS

Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration”, and unselect “Enable UPnP Port forwarding”.

 

Tags: QNAPransomware attacks