QNAP has warned of a Roon Server zero-day bug that is being exploited in the wild, and of eCh0raix ransomware attacks against its Network Attached Storage (NAS) devices.
The company has been dealing with a series of vulnerabilities and campaigns. The most recent one involved AgeLocker ransomware and took place two weeks ago. Earlier, a massive Qlocker ransomware campaign hit QNAP devices in mid-April. Before that, QNAP had to remove a backdoor account (hardcoded credentials) from the HBS 3 Hybrid Backup Sync backup and disaster recovery app.
The Taiwan-based manufacturer alerted its customers in a security advisory published today, prompted by reports of devices compromised by eCh0raix ransomware.
“The eCh0raix ransomware has been reported to affect QNAP NAS devices. Devices using weak passwords may be susceptible to attack.”
QNAP urged customers to act immediately to protect their devices from potential eCh0raix attacks by changing to stronger passwords for administrator accounts, enabling IP Access Protection, and avoiding the default port numbers 443 and 8080.
Detailed step-by-step instructions on changing your NAS password, enabling IP Access Protection, and changing the system port number are available in the security advisory.
Today, QNAP also warned of a zero-day vulnerability in Roon Labs’ Roon Server 2021-02-01 and earlier versions that is being actively exploited. The flaw can allow a remote attacker to execute arbitrary code on devices running the vulnerable app versions.
Until Roon Labs issues an update, the risk can be mitigated by disabling the Roon Server music server and disconnecting the NAS from the Internet.