QNAP NAS Devices Being Targeted by Qlocker Ransomware Again

QNAP, a Taiwan-based network-attached storage (NAS) manufacturer, has issued an advisory about ransomware and brute-force attacks that affect all network-attached storage devices. The ransomware attacks began targeting the NAS device suite on January 6, and the company urges customers to secure their compromised devices as soon as possible.

“Open the Security Counselor on your QNAP NAS. Your NAS is exposed to the Internet and at high risk if there shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP” on the dashboard,” QNAP explained in its security advisory.

How to secure exposed network-attached storage (NAS) devices

QNAP has recommended its users to follow the steps mentioned below to secure exposed NAS devices.

• First of all, QNAP customers will need to disable the Port Forwarding function of the router. To do so, navigate to the management interface, and check the Virtual Server, NAT, or Port Forwarding settings. Finally, set the port forwarding setting of NAS management service port (port 8080 and 433 by default) to disabled.
• Once done, turn off the UPnP function of the QNAP NAS by navigating to the myQNAPcloud option available on the QTS menu. Then, click “Auto Router Configuration” and unselect the “Enable UPnP Port forwarding” option.

Qlocker also outlined several steps that should help users to prevent malware infections. Users should ensure that the passwords used for both admin and user accounts are strong, unique, and difficult to crack. Additionally, they should enable IP and account access protection to protect their devices from brute force attacks, disable SSH and Telnet connections, and avoid using default ports.

The security advisory suggests that these ransomware attacks are targeting network storage devices. However, it seems to be a major outage as several Reddit users reported that QNAP NAS devices that were not connected to the internet also crashed. A Twitter user @Hardisk also noted that the problem is bigger than initially thought, and these QNAP NAS devices may be vulnerable to zero-day flaws. He claims that the malware removal tool provided by QNAP could not find any traces of the virus.

If you’re interested, you can learn more about NAS remote access and network security by heading over to the official website. Let us know in the comments below if your network-attached storage devices have been compromised due to the Qlocker ransomware attacks.