2020-06-05
Ransomware Attacks Targeting QNAP NAS Devices - Dangerous
Operators of the eCh0raix ransomware have begun a campaign that targets QNAP network-attached storage (NAS) devices. The attackers are gaining access to the devices through known vulnerabilities or through brute-force password attacks.
Editor's Note
If you own a QNAP or similar storage device (Netgear, Synology, Western Digital...), do the following today: (1) Patch. These devices tend to be difficult to patch. You will need to be careful not to disrupt any work if users use the device to store documents they work on, or worse, if the device is used as an iSCSI drive in a virtual environment. (2) Make sure the device is not exposed to the internet. (3) Uninstall all components that are not required to operate the device. These devices often come with a large number of vulnerable web applications preinstalled. Uninstall as many of them as possible. Vendors try to sell these functions based on the number of features bundled with them. It is easy and cheap to add features by adding random open source components to the device. But vendors also often fail to secure these components, and with patching being difficult, these devices will be compromised after some time exposed to the internet.

Johannes Ullrich
Update the QNAP QTS and Security Counselor software, use stronger admin passwords, limit network accessibility, disable Telnet and unused SSH services, and enable the QNAP snapshot service. Flaws in eCh0raix have been fixed, which neutralized the free decryption option released by BloodDolly.

Lee Neely
NAS devices should not be connected to the public networks or hidden by end-to-end application layer encryption.
