QNAP has alerted that customers should promptly safeguard Internet-exposed network-attached storage (NAS) devices against continuous ransomware and brute-force cyberattacks.
“QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices,” the Taiwanese NAS maker stated in a recent press release.
Users should launch the Security Counselor, a built-in security portal for QNAP NAS systems, to see if their NAS is accessible over the internet. Customers with NAS devices exposed to the Internet should protect them against attacks by disabling the router’s Port Forwarding function and the QNAP NAS’s UPnP function.
The NAS manufacturer also includes detailed instructions for turning off SSH and Telnet connections, changing the system port number, changing device passwords, and enabling IP and account access security. While QNAP did not provide more information about the ongoing attacks, users reported that their computers had been infected with the eCh0raix ransomware (aka QNAPCrypt).
These attacks result from an uptick in activity just before Christmas, and they use an unknown attack vector. However, some customers’ complaints relate successful ransomware attacks to devices that are open to the Internet and are not sufficiently secured. Others have stated that the attackers used an unnamed QNAP Photo Station flaw.
ech0raix ransom demands have been observed ranging from $1,200 to $3,000 in bitcoins after recent attacks. Because the victims lacked a backup of the encrypted data, some were compensated.
Threat actors previously attacked QNAP devices with eCh0raix ransomware in June 2019 and June 2020, with the NAS maker also warning customers in May 2021 about a new wave of eCh0raix attacks targeting devices with weak passwords.