A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives.
First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key.
In response to the ongoing attacks, the Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks.
"QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS," the company said. "The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks."
Patches for the three apps were released by QNAP over the last week. CVE-2020-36195 concerns an SQL injection vulnerability in QNAP NAS running Multimedia Console or Media Streaming Add-on, successful exploitation of which could result in information disclosure. On the other hand, CVE-2021-28799 relates to an improper authorization vulnerability affecting QNAP NAS running HBS 3 Hybrid Backup Sync that could be exploited by an attacker to log in to a device.
But it appears that Qlocker is not the only strain that's being used to encrypt NAS devices, what with threat actors deploying another ransomware named "eCh0raix" to lock sensitive data. Since its debut in July 2019, the eCh0raix gang is known for going after QNAP storage appliances by leveraging known vulnerabilities or carrying out brute-force attacks.
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
QNAP is also urging users to the latest version of Malware Remover to perform a scan as a safety measure while it's actively working on a solution to remove malware from infected devices.
"Users are advised to modify the default network port 8080 for accessing the NAS operating interface," the company recommended, adding "the data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security."