posted by martyb on Sunday June 07 2020, @08:22PM
from the backup-your-backups dept.

Beginning around June 1, a wave of eCh0raix/QNAPCrypt ransomware attacks has been observed targeting QNAP NAS devices. The attackers compromise devices by exploiting known vulnerabilities and by brute-forcing weak passwords.

QNAP has already addressed the vulnerabilities in the following QTS versions:

  • QTS 4.4.2.1270 build 20200410 and later
  • QTS 4.4.1.1261 build 20200330 and later
  • QTS 4.3.6.1263 build 20200330 and later
  • QTS 4.3.4.1282 build 20200408 and later
  • QTS 4.3.3.1252 build 20200409 and later
  • QTS 4.2.6 build 20200421 and later

--- QNAP Advisory: Multiple Vulnerabilities in File Station. (June 5, 2020)

As would be expected, "QNAP strongly recommends updating your QTS to the latest available version for your NAS model."
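The fixed-version list above can be turned into a quick fleet check. This is an added example, not part of the original story or QNAP's advisory; the firmware string format, the status names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed builds per QTS branch, copied from the advisory list above.
# The revision is None where the list gives none (4.2.6).
FIXED = {
    "4.4.2": (1270, 20200410),
    "4.4.1": (1261, 20200330),
    "4.3.6": (1263, 20200330),
    "4.3.4": (1282, 20200408),
    "4.3.3": (1252, 20200409),
    "4.2.6": (None, 20200421),
}

# Assumed firmware string format, same shape as the list entries:
# "[QTS ]<major>.<minor>.<patch>[.<revision>] build <YYYYMMDD>"
FW_RE = re.compile(r"^\s*(?:QTS\s+)?(\d+\.\d+\.\d+)(?:\.(\d+))?\s+build\s+(\d{8})\s*$", re.I)

def classify(firmware):
    """Return 'patched', 'outdated' or 'unknown' for one firmware string."""
    m = FW_RE.match(firmware)
    if not m:
        return "unknown"          # unparseable: needs a manual look
    branch, rev, build = m.group(1), m.group(2), int(m.group(3))
    if branch not in FIXED:
        return "unknown"          # branch not covered by the list
    fixed_rev, fixed_build = FIXED[branch]
    if build < fixed_build:
        return "outdated"
    # Conservative: when both revisions are known, the revision must also be new enough.
    if rev is not None and fixed_rev is not None and int(rev) < fixed_rev:
        return "outdated"
    return "patched"

def audit(inventory):
    """Map host -> status for a {host: firmware} inventory."""
    return {host: classify(fw) for host, fw in inventory.items()}

# Constructed inventory for illustration; hosts and firmware strings are made up.
SAMPLE = {
    "nas-01": "4.4.2.1270 build 20200410",
    "nas-02": "4.4.1.1216 Build 20200214",
    "nas-03": "4.2.6 build 20200421",
    "nas-04": "4.3.5.0728 build 20181013",
    "nas-05": "QTS 4.3.6.1263 build 20200329",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Devices reported as `unknown` run a branch the list does not name or returned a string the parser could not read, so they need a manual check against QNAP's advisory.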

The ransomware is attributed to the financially motivated Russian cybercrime group 'FullofDeep'. The attackers are demanding $500 in bitcoin to decrypt files, which are encrypted with AES CFB.

The ransomware checks for Russian localization before infecting (За здоро́вье!). A decryptor for the initial version of the ransomware was released; however, it only works for victims infected before July 17th 2019.

Extended discussion, links, etc. on #qnap on Twitter

Previously:
(2019-11-11) QNAP Warns Users to Secure Devices Against QSnatch Malware
(2019-11-05) Chrome Bug Squashed, QNAP NAS Nasty Hits, Bluekeep Malware Spreads, and More
(2019-09-27) 125 New Flaws Found in Routers and NAS Devices from Popular Brands
(2019-02-14) QNAP NAS Devices Bitten by Malware
(2015-12-19) Stepping into the World of NAS


  • (Score: 2) by Mojibake Tengu on Monday June 08 2020, @12:09AM


    Please note many QNAP devices can actually use two different operating systems: QES (FreeBSD based) and QTS (Linux based).
    Those deliberate backdoors unintentional vulnerabilities mentioned in TFA are in Linux systems.

    Thank you for your attention.

    --
    Respect Authorities. Know your social status. Woke responsibly.