[German]Just recently, QNAP NAS drives were encrypted by a ransomware attack – I went into this topic in the blog post The The QNAP disaster: Ransomware attack on NAS devices. Now the next attack is due. The vendor has again issued a security warning about its QNAP products as of April 29, 2021. There are indications that the devices or NAS drives are being actively attacked by the AgeLocker ransomware and the drive contents are being encrypted. The manufacturer is investigating these cases and asks users to update the systems. about the issue.
Advertising
I was made aware of the new security issue a few hours ago via a Facebook comment there on my post QNAP NAS ransomware attack wrap-up (April 2021). Thomas U. wrote:
Thanks for that. Just came mail from QNAP again – QNAP Security Advisory | Bulletin ID: QSA-21-15
Release date: April 29, 2021
Security ID: QSA-21-15
Severity rating: High
CVE identifier: N/A
Affected products: All QNAP NAS
In security advisory QSA-21-15 AgeLocker Ransomware, the vendor writes that the QNAP security team has detected suspicious AgeLocker Ransomware activity in the wild. The ransomware has the potential to affect QNAP NAS devices, it says. To protect the devices, the manufacturer strongly recommends regularly updating QTS or QuTS hero and all installed applications to the latest versions. Users can check the product support status to see the latest updates available for the NAS model.
QNAP recommends for further assurance that users should not expose their NAS to the Internet. If a NAS needs to be connected to the Internet, the developers strongly recommend using a trusted VPN or myQNAPcloud connection. More details can be found in the security advisory QSA-21-15. The colleagues from Bleeping Computer had contact with QNAP and have collected some more information here.
QNAP has also slightly revised the security advisory QSAa-21-11 on SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On, which was already published on April 16, 2021.
