QNAP, a Taiwan-based network-attached storage (NAS) manufacturer, has issued an advisory about ransomware and brute-force attacks that affect all network-attached storage devices. The ransomware attacks began targeting the NAS device suite on January 6, and the company urges customers to secure their compromised devices as soon as possible.
“Open the Security Counselor on your QNAP NAS. Your NAS is exposed to the Internet and at high risk if there shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP” on the dashboard,” QNAP explained in its security advisory.
QNAP has recommended its users to follow the steps mentioned below to secure exposed NAS devices.
Qlocker also outlined several steps that should help users to prevent malware infections. Users should ensure that the passwords used for both admin and user accounts are strong, unique, and difficult to crack. Additionally, they should enable IP and account access protection to protect their devices from brute force attacks, disable SSH and Telnet connections, and avoid using default ports.
The security advisory suggests that these ransomware attacks are targeting network storage devices. However, it seems to be a major outage as several Reddit users reported that QNAP NAS devices that were not connected to the internet also crashed. A Twitter user @Hardisk also noted that the problem is bigger than initially thought, and these QNAP NAS devices may be vulnerable to zero-day flaws. He claims that the malware removal tool provided by QNAP could not find any traces of the virus.
If you’re interested, you can learn more about NAS remote access and network security by heading over to the official website. Let us know in the comments below if your network-attached storage devices have been compromised due to the Qlocker ransomware attacks.