Ransomware targeting QNAP and Synology NAS systems

NAS vendors such as QNAP and Synology are currently issuing warnings. They have detected an increasing number of attacks on their systems, either via brute force or via attempts to exploit vulnerabilities. If an attack succeeds, the drives are encrypted by ransomware.


Warning from Synology

I have a text excerpt (thanks to @PhantomofMobile for that) in which Synology warns directly of such an attack.

Synology has recently received several reports of encryption-based ransomware attacks. After investigation, these incidents were part of a large-scale attack targeting NAS devices from various vendors leveraging brute-force attempts at logins instead of system vulnerabilities. Therefore, Synology strongly recommends all users check if the measures below are in place to secure your accounts.

The security alert is also available on Facebook. This is not a hacker attack. Rather, a bot is at work trying out countless passwords to gain access to your system. The manufacturer has published a checklist of what to do.

  • Create a new account in administrator group and disable the system default "admin" account.
  • Use a complex and strong password, and apply password strength rules to all users.
  • Enable 2-step verification to add an extra security layer to your account.
  • Enable Auto Block in Control Panel and run Security Advisor to make sure there is no weak password in the system.
  • Enable Firewall in Control Panel, and only allow public ports for services that are necessary.

If you believe you are affected, try the following actions.

  • Immediately stop all backup jobs and scheduled backup tasks.
  • Reset the Synology NAS and restore it from an older backup version.

In addition to the network and account management settings described above, manufacturers recommend that you keep your NAS devices and firmware up to date and protect your data with the built-in snapshot replication or Hyper Backup in case recovery is required. For more information on how to protect your NAS from encryption-based ransomware, visit https://www.synology.com/solution/ransomware.
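To make the Auto Block and "disable the default admin account" items concrete, here is an added example (not Synology or QNAP code) that replays a login log through a sliding-window block rule. The log format, the sample lines, and the threshold of 5 failures in 10 minutes are assumptions made for this illustration, not vendor formats or defaults.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The line format (ISO time, source IP, account,
# outcome) is an assumption for this example, not a Synology or QNAP format.
SAMPLE_LOG = """\
2019-07-24T03:00:01 203.0.113.7 admin FAIL
2019-07-24T03:00:03 203.0.113.7 admin FAIL
2019-07-24T03:00:05 203.0.113.7 root FAIL
2019-07-24T03:00:07 203.0.113.7 admin FAIL
2019-07-24T03:00:09 203.0.113.7 admin FAIL
2019-07-24T03:00:11 203.0.113.7 admin OK
2019-07-24T08:15:00 192.0.2.10 alice FAIL
2019-07-24T08:15:20 192.0.2.10 alice OK
"""

MAX_FAILURES = 5                 # assumed threshold, not a vendor default
WINDOW = timedelta(minutes=10)   # assumed observation window


def auto_block(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Replay a login log through a sliding-window block rule.
    Returns (blocked, rejected, targeted):
      blocked  - {ip: time the failure threshold was reached}
      rejected - [(ip, account, outcome)] attempts that arrived after the block
      targeted - Counter of account names seen in failed logins
    """
    failures = defaultdict(deque)    # ip -> timestamps of recent failures
    blocked, rejected, targeted = {}, [], Counter()
    for line in filter(str.strip, log_text.splitlines()):
        stamp, ip, account, outcome = line.split()
        when = datetime.fromisoformat(stamp)
        if ip in blocked:            # a blocked address never reaches the login check
            rejected.append((ip, account, outcome))
            continue
        if outcome != "FAIL":
            continue
        targeted[account] += 1
        recent = failures[ip]
        recent.append(when)
        while when - recent[0] > window:   # drop failures older than the window
            recent.popleft()
        if len(recent) >= max_failures:
            blocked[ip] = when
    return blocked, rejected, targeted


if __name__ == "__main__":
    print(auto_block(SAMPLE_LOG))
```

In the constructed log, the sixth attempt from 203.0.113.7 is recorded as a successful "admin" login; with the rule in place it is rejected because the address was blocked two seconds earlier, while the single mistyped password from 192.0.2.10 does not trigger a block.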

QNAP also warns

The manufacturer QNAP also warns of increased attacks on its devices by a ransomware called "eCh0raix". Security provider Anomali describes this malware in this document dated July 10, 2019. The malware uses brute-force attacks on the web interfaces of these devices to compromise installations that may be secured with weak passwords. If successful, all files on the NAS are encrypted and the ransomware leaves a note telling the user where to pay. QNAP has also given recommendations for better security. In this comment, a heise reader gives some hints on the settings.

