{"id":10607,"date":"2019-07-26T19:09:49","date_gmt":"2019-07-26T17:09:49","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=10607"},"modified":"2019-10-16T17:15:32","modified_gmt":"2019-10-16T15:15:32","slug":"ransomware-addressing-qnap-synology-nas-systems","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/07\/26\/ransomware-addressing-qnap-synology-nas-systems\/","title":{"rendered":"Ransomware addressing QNAP-\/Synology NAS systems"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/07\/26\/warnung-ransomware-angriffe-auf-qnap-synology-nas\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]NAS vendors such as QNAP and Synology are currently issuing warnings. They have increasingly detected attacks on their systems via brute force or attempts to exploit vulnerabilities. If successful, the drives are encrypted using ransomware.<\/p>\n<p><!--more--><\/p>\n<h2>Warning from Synology<\/h2>\n<p>I have a text excerpt (thanks to @PhantomofMobile for that) in which Synology warns directly of such an attack.  <\/p>\n<blockquote>\n<p>Synology has recently received several reports of encryption-based ransomware attacks. After investigation, these incidents were part of a large-scale attack targeting NAS devices from various vendors leveraging brute-force attempts at logins instead of system vulnerabilities. 
Therefore, Synology strongly recommends all users check if the measures below are in place to secure your accounts.<\/p>\n<\/blockquote>\n<p>The security alert is also available <a href=\"https:\/\/www.facebook.com\/synologydeutschland\/photos\/a.1594837477441905\/2417134061878905\/?type=1&amp;theater\">on Facebook<\/a>. This is not a hacker attack. Rather, a bot is at work trying out countless passwords to gain access to your system. The manufacturer has published a checklist of what to do.  <\/p>\n<ul>\n<li>Create a new account in administrator group and disable the system default \"admin\" account.<\/li>\n<li>Use a complex and strong password, and <strong>apply password strength rules<\/strong> to all users.<\/li>\n<li>Enable <strong>2-step verification<\/strong> to add an extra security layer to your account.<\/li>\n<li>Enable <strong>Auto Block<\/strong> in <strong>Control Panel<\/strong> and run <strong>Security Advisor<\/strong> to make sure there is no weak password in the system.<\/li>\n<li>Enable <strong>Firewall<\/strong> in <strong>Control Panel<\/strong>, and only allow public ports for services that are necessary. <\/li>\n<\/ul>\n<p>If you believe you are affected, try the following actions. <\/p>\n<ul>\n<li>Immediately stop all backup jobs and scheduled backup tasks.<\/li>\n<li>Reset the Synology NAS and restore it from an older backup version.<\/li>\n<\/ul>\n<p>In addition to the network and account management settings described above, manufacturers recommend that you keep your NAS devices or firmware up to date and protect your data with built-in snapshot replication or Hyper Backup in case recovery is required. For more information on how to protect your NAS from encryption-based ransomware, visit <a href=\"https:\/\/www.synology.com\/solution\/ransomware\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.synology.com\/solution\/ransomware<\/a>.  
<\/p>\n<h2>QNAP also warns<\/h2>\n<p>Manufacturer QNAP also warns of increased attacks on its devices by a ransomware called \"eCh0raix\". Security provider Anomali describes this malware in <a href=\"https:\/\/www.anomali.com\/blog\/the-ech0raix-ransomware\" target=\"_blank\" rel=\"noopener noreferrer\">this document<\/a> dated July 10, 2019. The malware uses brute force attacks on the web interfaces of these devices to compromise installations that may be secured with weak passwords. If successful, all files on the NAS will be encrypted and the ransomware will leave a note telling the user where to pay. QNAP has also given recommendations for better security. In this comment, a heise reader gives some hints on the settings. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]NAS vendors such as QNAP and Synology are currently issuing warnings. They have increasingly detected attacks on their systems via brute force or attempts to exploit vulnerabilities. If successful, the drives are encrypted using 
ransomware.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[950,69],"class_list":["post-10607","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-nas","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=10607"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10607\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=10607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=10607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=10607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}