SoylentNews is people

posted by martyb on Sunday June 07 2020, @08:22PM
from the backup-your-backups dept.

Beginning around June 1, a wave of eCh0raix/QNAPCrypt ransomware attacks has been observed targeting QNAP NAS devices. The devices are compromised by exploiting known vulnerabilities and by brute-force attacks on weak passwords.

QNAP already addressed the vulnerabilities in the following QTS versions:

  • QTS 4.4.2.1270 build 20200410 and later
  • QTS 4.4.1.1261 build 20200330 and later
  • QTS 4.3.6.1263 build 20200330 and later
  • QTS 4.3.4.1282 build 20200408 and later
  • QTS 4.3.3.1252 build 20200409 and later
  • QTS 4.2.6 build 20200421 and later

--- QNAP Advisory: Multiple Vulnerabilities in File Station. (June 5, 2020)

As would be expected, "QNAP strongly recommends updating your QTS to the latest available version for your NAS model."
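A defender's check against the fixed-build list above, as an added example (not code from QNAP or the original story): it classifies firmware strings collected from a NAS inventory. The hostnames and firmware strings are constructed, and the script assumes that build dates only increase within a branch and that branches newer than any listed already carry the fix.

```python
import re

# Minimum fixed build date per QTS branch, copied from the advisory list above.
FIXED_BUILD = {
    (4, 4, 2): 20200410,  # QTS 4.4.2.1270
    (4, 4, 1): 20200330,  # QTS 4.4.1.1261
    (4, 3, 6): 20200330,  # QTS 4.3.6.1263
    (4, 3, 4): 20200408,  # QTS 4.3.4.1282
    (4, 3, 3): 20200409,  # QTS 4.3.3.1252
    (4, 2, 6): 20200421,  # QTS 4.2.6 (listed without a revision number)
}

# Matches "4.4.1.1216 build 20200214" as well as "4.2.6 Build 20200421".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s+build\s+(\d{8})", re.I)


def classify(firmware):
    """Return 'fixed', 'vulnerable', 'unlisted' or 'unknown' for one string."""
    m = _VERSION.search(firmware)
    if not m:
        return "unknown"  # unparseable: needs a manual look
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    build = int(m.group(4))
    if branch in FIXED_BUILD:
        return "fixed" if build >= FIXED_BUILD[branch] else "vulnerable"
    if branch > max(FIXED_BUILD):
        return "fixed"  # assumption: newer branch than any in the advisory
    return "unlisted"  # advisory names no fixed build for this branch


def audit(inventory):
    """Map each host to its status; anything other than 'fixed' needs action."""
    return {host: classify(fw) for host, fw in inventory.items()}


# Constructed sample inventory (hostnames and firmware strings are made up).
SAMPLE = {
    "nas-office": "QTS 4.4.1.1216 build 20200214",
    "nas-backup": "QTS 4.3.6.1263 Build 20200330",
    "nas-legacy": "QTS 4.2.6 build 20191107",
    "nas-lab": "QTS 4.3.5.0760 build 20181114",
    "nas-new": "firmware n/a",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:12} {status}")
```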

The ransomware is attributed to the financially motivated Russian cybercrime group 'FullofDeep'. The attackers are demanding $500 in bitcoin to decrypt files, which are encrypted with AES CFB.

The ransomware checks for Russian localization before infecting (За здоро́вье!). A decryptor for the initial version of the ransomware was released; however, it only works for victims infected before July 17th 2019.

Extended discussion, links, etc. on #qnap on Twitter

Previously:
(2019-11-11) QNAP Warns Users to Secure Devices Against QSnatch Malware
(2019-11-05) Chrome Bug Squashed, QNAP NAS Nasty Hits, Bluekeep Malware Spreads, and More
(2019-09-27) 125 New Flaws Found in Routers and NAS Devices from Popular Brands
(2019-02-14) QNAP NAS Devices Bitten by Malware
(2015-12-19) Stepping into the World of NAS


  • (Score: 4, Insightful) by Kitsune008 on Sunday June 07 2020, @09:52PM


    It never ceases to amaze me that after several decades of examples, so many still don't understand one stupid-simple fact: If it has an internet connection, it will be hacked.

    Don't want it hacked? Then air-gap it.

    I stand unmoved by arguments that 'x' needs access for 'y' reason.
    Yeah, so? Newsflash: your friendly neighborhood hacker also needs access, and if they have it, you will be hacked.
