SoylentNews is people

posted by martyb on Sunday June 07 2020, @08:22PM
from the backup-your-backups dept.

Beginning around June 1, a wave of eCh0raix/QNAPCrypt ransomware attacks has been observed targeting QNAP NAS devices. The devices are being compromised by exploiting known vulnerabilities and by brute-force attacks on weak passwords.

QNAP has already addressed the vulnerabilities in the following QTS versions:

  • QTS 4.4.2.1270 build 20200410 and later
  • QTS 4.4.1.1261 build 20200330 and later
  • QTS 4.3.6.1263 build 20200330 and later
  • QTS 4.3.4.1282 build 20200408 and later
  • QTS 4.3.3.1252 build 20200409 and later
  • QTS 4.2.6 build 20200421 and later

--- QNAP Advisory: Multiple Vulnerabilities in File Station. (June 5, 2020)

As would be expected, "QNAP strongly recommends updating your QTS to the latest available version for your NAS model."
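
The advisory's version list turned into an inventory check, as an added example that is not QNAP's or the submitter's code. It assumes version strings in the same `QTS x.y.z[.n] build YYYYMMDD` form the advisory uses and orders builds within a branch by build date; the hostnames and the inventory are constructed.

```python
import re

# Fixed build per QTS branch, copied from the advisory list above.
FIXED_BUILDS = {
    "4.4.2": 20200410,
    "4.4.1": 20200330,
    "4.3.6": 20200330,
    "4.3.4": 20200408,
    "4.3.3": 20200409,
    "4.2.6": 20200421,
}

# Branch, optional release number (absent for 4.2.6), 8-digit build date.
VERSION_RE = re.compile(
    r"^\s*(?:QTS\s+)?(\d+\.\d+\.\d+)(?:\.\d+)?\s+build\s+(\d{8})\s*$",
    re.IGNORECASE,
)

def qts_patch_status(version_string):
    """Classify one version string against the advisory's fixed builds."""
    m = VERSION_RE.match(version_string)
    if not m:
        return "unparseable"
    branch, build = m.group(1), int(m.group(2))
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # The advisory says nothing about this branch: do not guess.
        return "branch-not-listed"
    return "patched" if build >= fixed else "needs-update"

def hosts_needing_action(inventory):
    """Return sorted hostnames whose status is anything but 'patched'."""
    return sorted(h for h, v in inventory.items()
                  if qts_patch_status(v) != "patched")

# Constructed inventory (hostnames and older builds are illustrative).
SAMPLE = {
    "nas-office": "QTS 4.4.2.1270 build 20200410",
    "nas-lab": "4.3.6.1070 build 20190919",
    "nas-old": "QTS 4.2.6 build 20200421",
    "nas-archive": "QTS 4.3.5.0760 build 20181114",
    "nas-typo": "QTS four point four",
}

if __name__ == "__main__":
    for host, version in SAMPLE.items():
        print(f"{host:12} {qts_patch_status(version)}")
```
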

The ransomware is attributed to the financially motivated Russian cybercrime group 'FullofDeep'. The attackers are demanding $500 in bitcoin to decrypt files, which are encrypted with AES CFB.

The ransomware checks for Russian localization before infecting (За здоро́вье!). A decryptor for the initial version of the ransomware was released; however, it only works for victims infected before July 17th 2019.

Extended discussion, links, etc. on #qnap on Twitter

Previously:
(2019-11-11) QNAP Warns Users to Secure Devices Against QSnatch Malware
(2019-11-05) Chrome Bug Squashed, QNAP NAS Nasty Hits, Bluekeep Malware Spreads, and More
(2019-09-27) 125 New Flaws Found in Routers and NAS Devices from Popular Brands
(2019-02-14) QNAP NAS Devices Bitten by Malware
(2015-12-19) Stepping into the World of NAS


Original Submission

Related Stories

Stepping into the World of NAS 45 comments

Stepping into the world of NAS

After many years of accumulating family photos, videos, and other digital files, I decided to purchase a NAS to centralize my storage needs. I researched many different brands and prices. In the end I purchased a QNAP TVS-871 and populated it with three WD 4TB Red NAS drives in a RAID 5 configuration to start. It may be overkill for a home user such as myself, but I felt that it gave me the most bang for the buck, and allows me plenty of room to grow and learn. Hopefully, it will last me for many years to come. Yes, this is not being used as a backup, and I do have an off-site backup plan.

I do realize that many of you, who are certainly more tech savvy than myself, have more than likely built a home-brew NAS. This was simply the easiest way for a NAS noob such as myself to have something as close to plug-n-play as I could get. So my questions for the community:

1. Any general advice or tips that a NAS noob should know?

2. How do you manage your multimedia files? Are there any particular programs or a folder structure you recommend for managing these files for easy viewing?

3. Do you have any other recommendations, thoughts, or experiences you wish to share with others who may be thinking of getting a NAS for home or small office use?

Re: Stepping into the world of NAS

Don't use RAID5 because large quantities of data can be silently corrupted.


[Editor's Note: For those unfamiliar with RAID, this primer from Adaptec is a very detailed description of the different RAID levels, their pros and cons, as well as use cases.]

Original Submission #1 Original Submission #2

QNAP NAS Devices Bitten by Malware 4 comments

The Register reports on mysterious malware affecting QNAP's popular NAS appliances.

The company has acknowledged the issue and issued a security advisory with the currently available details.

If you have one or more QNAP NAS appliance(s), like yours truly, it's worth giving the advisory a run through and making sure you aren't affected.

QNAP is still analyzing the malware, and advises:

Recommendation
To avoid possible exploits, you must:

  • Manually update Malware Remover to the latest version.
  • Update QTS to the latest version.
  • Update all apps installed on your NAS.

In case you encounter problems or receive the following error message while updating Malware Remover, please wait for the solution:

[App Center] Failed to install MalwareRemover. Model does not support MalwareRemover.

Cold comfort. Known indicators of compromise include

around 700 entries were added to their machines' hosts file, all pointing to IP address 0.0.0.0. Those entries sinkholed all requests to common antivirus update servers.

If you only have one copy of your data, you don't have your data. Also online backup is not offline backup.


Original Submission
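
The hosts-file indicator quoted in the story above (entries pointing at 0.0.0.0 that sinkhole antivirus update servers), as an added detection example that is not from QNAP or The Register. The watch-list suffixes, the threshold of 20 and both sample hosts files are constructed; replace the suffixes with the update domains of the security products you actually run.

```python
def sinkholed_hosts(hosts_text, sink_ips=("0.0.0.0",)):
    """Return every hostname a hosts file maps to a sinkhole address."""
    names = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in sink_ips:
            continue
        # One line may carry several names for the same address.
        names.extend(n.lower().rstrip(".") for n in fields[1:])
    return names

def assess_hosts_file(hosts_text, watch_suffixes, max_sinkholed=20):
    """Flag a hosts file that blackholes watched domains or has an
    unusually large number of sinkholed names (threshold is an assumption)."""
    names = sinkholed_hosts(hosts_text)
    watched = sorted({
        n for n in names
        if any(n == s or n.endswith("." + s) for s in watch_suffixes)
    })
    return {
        "sinkholed_count": len(names),
        "watched_hits": watched,
        "suspicious": bool(watched) or len(names) > max_sinkholed,
    }

# Constructed samples: reserved .example names stand in for real
# antivirus update servers.
WATCH = ("av-vendor.example", "sigs.example")
CLEAN = (
    "127.0.0.1 localhost\n"
    "192.168.1.10 nas01   # LAN name\n"
    "# 0.0.0.0 update.av-vendor.example  (commented out, ignored)\n"
)
TAMPERED = CLEAN + "".join(
    f"0.0.0.0 update{i}.av-vendor.example\n" for i in range(700)
) + "0.0.0.0 bulk.example mirror.sigs.example\n"

if __name__ == "__main__":
    for label, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        result = assess_hosts_file(text, WATCH)
        print(label, result["sinkholed_count"],
              len(result["watched_hits"]), result["suspicious"])
```
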

125 New Flaws Found in Routers and NAS Devices from Popular Brands 19 comments

Submitted via IRC for Bytram

125 New Flaws Found in Routers and NAS Devices from Popular Brands

Believe me, there are over 100 ways a hacker can ruin your life just by compromising your wireless router—a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances.

In its latest study titled "SOHOpelessly Broken 2.0," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, likely affecting millions.

"Today, we show that security controls put in place by device manufacturers are insufficient against attacks carried out by remote adversaries. This research project aimed to uncover and leverage new techniques to circumvent these new security controls in embedded devices," the researchers said.

[...] SOHO routers and NAS devices tested by the researchers are from the following manufacturers:

  • Buffalo
  • Synology
  • TerraMaster
  • Zyxel
  • Drobo
  • ASUS and its subsidiary Asustor
  • Seagate
  • QNAP
  • Lenovo
  • Netgear
  • Xiaomi
  • Zioncom (TOTOLINK)

According to the security researchers, all of these 13 widely-used devices they tested had at least one web application vulnerability that could allow a remote attacker to gain remote shell access or access to the administrative panel of the affected device.


Original Submission

Chrome Bug Squashed, QNAP NAS Nasty Hits, Bluekeep Malware Spreads, and More 10 comments

Arthur T Knackerbracket has found the following story:

Anyone running Chrome will want to update and restart their browser in order to make sure they have the latest build, as usual. Google has patched a bunch of flaws including a use-after-free() vulnerability (CVE-2019-13720) that was being actively exploited in the wild against victims. Make sure you're running version 78.0.3904.87 or higher for Windows, Mac, and Linux to be safe.

More technical details are here: essentially, a malicious JavaScript file on a webpage can exploit the vulnerability to potentially gain arbitrary code execution and install spyware and other horrible stuff on the computer. Kaspersky reckons the flaw was abused in an attempt to infect Chrome-using visitors of a Korean-language news website, in a campaign dubbed Operation WizardOpium.

We hope you've all patched your Windows systems for the BlueKeep RDP flaw, which can be exploited to achieve remote-code execution on vulnerable machines. It appears Monero-mining malware is spreading among un-patched boxes via the security flaw. Microsoft patched the bug way back in May.

Marcus Hutchins, with help from Kevin Beaumont, has detailed the spread of the BlueKeep-exploiting nasty here for Kryptos Logic.

All the more reason to ensure you're patched.


Original Submission

QNAP Warns Users to Secure Devices Against QSnatch Malware 6 comments

Submitted via IRC for soylent_aqua

QNAP Warns Users to Secure Devices Against QSnatch Malware

Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials.

QNAP advises users to install the latest version of the Malware Remover app for the QTS operating system running on the company's NAS devices as soon as possible.

Malware Remover 3.5.4.0 and 4.5.4.0 versions are now capable of removing QSnatch after new rules were added when the company updated it on November 1.

"Users are urged to install the latest version of the Malware Remover app from QTS App Center or by manual downloading from the QNAP website," says QNAP.

"Users are advised to take actions listed in the security advisory or, alternatively, contact QNAP for technical assistance. Instructions for creating a support request can be found here."

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by captain normal on Sunday June 07 2020, @09:07PM (1 child)

    by captain normal (2205) on Sunday June 07 2020, @09:07PM (#1004610)

    If you are hooking anything up to a network especially if any part is exposed to an external internet, you can be hacked. Doh...

    --
    "Everyone is entitled to his own opinion, but not to his own facts" --Daniel Patrick Moynihan--
    • (Score: 4, Insightful) by Kitsune008 on Sunday June 07 2020, @09:52PM

      by Kitsune008 (9054) on Sunday June 07 2020, @09:52PM (#1004625)

      It never ceases to amaze me that after several decades of examples, so many still don't understand one stupid-simple fact: If it has an internet connection, it will be hacked.

      Don't want it hacked? Then air-gap it.

      I stand unmoved by arguments that 'x' needs access for 'y' reason.
      Yeah, so? Newsflash: your friendly neighborhood hacker also needs access, and if they have it, you will be hacked.

  • (Score: 1) by Frosty Piss on Sunday June 07 2020, @10:25PM

    by Frosty Piss (4971) on Sunday June 07 2020, @10:25PM (#1004632)

    More realistic headline: “New ransomware “hack” exploits morons that shouldn’t own computers...”

  • (Score: 2) by Mojibake Tengu on Monday June 08 2020, @12:09AM

    by Mojibake Tengu (8598) on Monday June 08 2020, @12:09AM (#1004668) Journal

    Please note many QNAP devices can actually use two different operating systems: QES (FreeBSD based) and QTS (Linux based).
    Those deliberate backdoors unintentional vulnerabilities mentioned in TFA are in Linux systems.

    Thank you for your attention.

    --
    Respect Authorities. Know your social status. Woke responsibly.