Threat Watch

Share on facebook
Share on twitter
Share on linkedin

QNAP Warns of AgeLocker Ransomware

QNAP users are again urged to secure their Network Attached Storage (NAS) devices against ransomware attacks targeting their data. In a security advisory QNAP published yesterday, their security discovered AgeLocker ransomware samples in the wild, potentially targeting QNAP devices. NAS device users are warned not to expose their devices on the Internet since it would allow potential attackers to find and gain access to the user’s data. A QNAP spokesman stated that recently compromised NAS devices targeted by AgeLocker were running outdated firmware. AgeLocker ransomware was first spotted in the wild in July 2020 and, since then, it has already targeted QNAP devices in a September 2020 campaign. Last weekend, QNAP owners were once again hit by ransomware in a massive and ongoing campaign by Qlocker ransomware. While at first, QNAP stated that Qlocker exploits an SQL Injection vulnerability (CVE-2020-36195) to encrypt unpatched devices, it was later discovered that it also used hardcoded credentials in the HBS 3 Hybrid Backup Sync app.

ANALYST NOTES

QNAP owners are recommended to update their devices to the latest firmware, to update their devices, owners are recommended to follow the following steps: • Log on to QTS or QuTS hero as administrator. • Go to Control Panel > System > Firmware Update. • Under Live Update, click Check for Update. QTS or QuTS hero downloads and installs the latest available update. To update all installed apps, the following steps should be followed: • Log on to QTS or QuTS hero as administrator. • Go to App Center > My Apps. • Check the All option before clicking Install Updates. • Click OK on the confirmation message to update all installed apps to their latest versions. QNAP owners should also go through the following checklist that was designed to mitigate against potential attacks: • Change all passwords for all accounts on the device • Remove unknown user accounts from the device • Make sure the device firmware is up-to-date and all of the applications are also updated • Remove unknown or unused applications from the device • Install QNAP MalwareRemover application via the App Center functionality • Set an access control list for the device (Control panel -> Security -> Security level) Source Article: https://www.bleepingcomputer.com/news/security/qnap-warns-of-agelocker-ransomware-attacks-on-nas-devices/