Wednesday, August 4, 2021

QNAP warns of AgeLocker ransomware attacks on NAS devices


Once again, QNAP customers are urged to secure their network-attached storage (NAS) devices to defend against AgeLocker ransomware attacks targeting their data.

In a security advisory released today, the company says its security team has discovered samples of AgeLocker ransomware in the wild, with “the potential to affect QNAP NAS devices.”

“To protect your device, we strongly recommend updating QTS or QuTS hero and all installed applications to their latest versions to benefit from vulnerability fixes,” QNAP says. “You can check the product support status to see the latest updates available for your NAS model.”

Customers are also cautioned not to expose their NAS devices to the Internet, as it would allow potential attackers to find them and access user data.

A QNAP PSIRT spokesperson told BleepingComputer that NAS devices recently compromised by AgeLocker ransomware had outdated firmware.

“So we would like to urge users to update firmware and applications to the latest version to keep devices safe from attack,” added the spokesperson.

If you have enabled manual port forwarding, automatic port forwarding (UPnP, Universal Plug and Play) and demilitarized zone (DMZ) for QNAP NAS in your router or modem settings, your QNAP NAS is connected directly to the Internet. Some other connection methods that put your QNAP NAS directly on the Internet include obtaining a public IP address (static / PPPoE / DHCP) from the QNAP NAS itself. – QNAP

Ransomware that also steals data before encryption

AgeLocker ransomware was first detected in the wild in July 2020 and has since targeted QNAP NAS devices worldwide in a September 2020 campaign.

This strain of ransomware uses an encryption algorithm known as Age (short for Actually Good Encryption), designed as a GPG replacement for encrypting files, backups, and streams.

Age uses the algorithms X25519 (an ECDH curve), ChaCha20-Poly1305 and HMAC-SHA256, according to ransomware decryption expert Michael Gillespie, which makes it a very secure method of encrypting victims’ files.
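For incident triage, the algorithms named above are visible in the plaintext header of an age v1 file. The following is an added example, not code from the article or from QNAP: it assumes the encrypted files follow the standard age v1 format, and the function names and sample data are constructed for illustration.

```python
import base64
from pathlib import Path

AGE_MAGIC = b"age-encryption.org/v1\n"                # first line of a binary age v1 file
ARMOR_MAGIC = b"-----BEGIN AGE ENCRYPTED FILE-----"   # first line of the ASCII-armored form


def parse_age_header(data: bytes):
    """Parse the text header of binary age v1 data; return None if it is not age."""
    if not data.startswith(AGE_MAGIC):
        return None
    info = {"recipients": [], "mac": None}
    for line in data[len(AGE_MAGIC):].split(b"\n"):
        if line.startswith(b"-> "):       # recipient stanza: "-> TYPE arg..."
            fields = line[3:].decode("ascii", "replace").split(" ")
            info["recipients"].append({"type": fields[0], "args": fields[1:]})
        elif line.startswith(b"--- "):    # header MAC (HMAC-SHA256); payload follows
            info["mac"] = line[4:].decode("ascii", "replace")
            break
    return info


def classify(data: bytes):
    """Label a file's leading bytes as 'age', 'age-armored', or None."""
    if data.startswith(ARMOR_MAGIC):
        return "age-armored"
    return "age" if parse_age_header(data) is not None else None


def scan(root, read_bytes=4096):
    """Return {path: label} for files under root that start with an age header."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            try:
                with path.open("rb") as fh:
                    label = classify(fh.read(read_bytes))
            except OSError:
                continue                  # unreadable file: skip, keep scanning
            if label:
                hits[str(path)] = label
    return hits


def _b64(raw: bytes) -> bytes:
    return base64.b64encode(raw).rstrip(b"=")   # age uses unpadded base64

# Constructed sample header (dummy zero bytes, not a real ciphertext).
SAMPLE = (AGE_MAGIC + b"-> X25519 " + _b64(bytes(32)) + b"\n" + _b64(bytes(32)) + b"\n"
          + b"--- " + _b64(bytes(32)) + b"\n" + bytes(64))
```

Running `scan()` over a read-only mount or a backup copy of a share lists which files carry an age header, which helps scope the damage before restoring from backup.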

While in the case of the first victim, AgeLocker operators asked for a ransom of 7 bitcoins (approximately $64,500 at the time), we still do not know the amount requested to decrypt the victims’ files during the September 2020 attacks.

QNAP devices were previously attacked by eCh0raix ransomware (also known as QNAPCrypt) in June 2019 and June 2020.

As of last weekend, QNAP users were again affected by ransomware in a massive and still ongoing Qlocker ransomware campaign.

While QNAP initially told BleepingComputer that Qlocker exploits an SQL injection vulnerability (CVE-2020-36195) to encrypt unpatched devices, it was later found to use hard-coded credentials in the HBS 3 Hybrid Backup Sync application.

ID-R Qlocker shipments

How to protect your NAS device

To update QTS or QuTS hero and all its installed apps, you need to follow the steps below.

Update QTS or QuTS hero:

  1. Log in to QTS or QuTS hero as an administrator.
  2. Go to Control Panel > System > Firmware update.
  3. Under Live update, click Search for updates. QTS or QuTS hero downloads and installs the latest available update.

Update all installed applications:

  1. Log in to QTS or QuTS hero as an administrator.
  2. Go to Application Center > My apps.
  3. Check the All option before clicking Install updates.
  4. Click OK in the confirmation message to update all installed applications to their latest versions.

The company also advised customers in the past to change the default access port number, use strong account passwords, and enable password policies to further protect their devices.

QNAP NAS owners should also follow this checklist, designed to mitigate potential attacks:

  • Change all passwords for all accounts on the device
  • Delete unknown user accounts from the device
  • Make sure device firmware is up to date and all apps are up to date as well
  • Remove unknown or unused apps from the device
  • Install the QNAP MalwareRemover application through the App Center functionality
  • Set up an access control list for the device (Control Panel -> Security -> Security Level)
