QNAP Ransomeware

[Eyebroughty]

Hi,

Speaking to a friend this morning he told me his QNAP NAS was brought down by the 7 ZIP ransomeware over the weekend.

https://www.helpnetsecurity.com/2021/04/26/qnap-nas-ransomware/

Either a very long fix or a £500 payment.

Any PFM members had any issues in the last few days?

Cheers

John

 

[GavinB]

Nasty! Think I've avoided this (crossing fingers).

 

[gavreid]

Hi,

Speaking to a friend this morning he told me his QNAP NAS was brought down by the 7 ZIP ransomeware over the weekend.

https://www.helpnetsecurity.com/2021/04/26/qnap-nas-ransomware/

Either a very long fix or a £500 payment.

Any PFM members had any issues in the last few days?

Cheers

John

Thanks for posting.

 

[paulfromcamden]

I read about this in The Register at the weekend.
https://www.theregister.com/2021/04/22/qnap_nas_ransomware_qlocker_ech0raix/

Am I right in thinking that it's only an issue if your NAS is accessible over the internet? And that you'd have to specifically set up your router to enable that?

 

[Amber Audio]

Couple of things everyone should do on their NAS Boxes regardless of Make/Model

Change the Default Admin Password for something more complex

For any User Passwords make them sensible and not daft like Password123 or ABC123 or qwerty

Keep the OS updated - you will be prompted when an update is available

Keep any Apps updated - you will be prompted when an update is available​

 

[Amber Audio]

I read about this in The Register at the weekend.
https://www.theregister.com/2021/04/22/qnap_nas_ransomware_qlocker_ech0raix/

Am I right in thinking that it's only an issue if your NAS is accessible over the internet? And that you'd have to specifically set up your router to enable that?

Not clear yet but appears to be what you say

 

[MJS]

Personally I would not have anything facing the external internet for exactly this reason. I use a VPN if I need to access any of my network externally.

 

[wylton]

From my experiences with NAS, make sure that you keep them backed up. I lost two to thunderstorms and the mirror drive didn't work for me the second time, so it was just as well I had it all backed up elsewhere.

 

[Amber Audio]

From my experiences with NAS, make sure that you keep them backed up. I lost two to thunderstorms and the mirror drive didn't work for me the second time, so it was just as well I had it all backed up elsewhere.

Yep NAS was not invented to act as a Backup it was/is designed for Availability/Redundancy - they are different goals entirely

 

[MJS]

NAS is just storage on a network. How you keep the data arranged on that storage is the redundancy bit, if at all. But as wylton points out if the device fries then so does your data. And, just as I've pointing out to video editors for a quarter of a century now, you can still corrupt the data on a RAID array - you just have RAID protected, but corrupted (or encrypted) data. Modern filesystems like ZFS can snapshot data and in theory let you revert to a previous version without getting encrypted by malware. Certainly the massive number of new data blocks written should fill up the filesystem first and be somewhat self-limiting. I have not tried this though.

Mark (who has just changed 6 drives in a nail-biting couple of weeks on a large array)

 

[Amber Audio]

NAS is just storage on a network. How you keep the data arranged on that storage is the redundancy bit, if at all. But as wylton points out if the device fries then so does your data. And, just as I've pointing out to video editors for a quarter of a century now, you can still corrupt the data on a RAID array - you just have RAID protected, but corrupted (or encrypted) data. Modern filesystems like ZFS can snapshot data and in theory let you revert to a previous version without getting encrypted by malware. Certainly the massive number of new data blocks written should fill up the filesystem first and be somewhat self-limiting. I have not tried this though.

Mark (who has just changed 6 drives in a nail-biting couple of weeks on a large array)

QNAPs have Thick and Thin Volume options with snapshots to add a bit of reassurance. We’ve dealt with punctured RAIDs on Dell Servers a few times, bit nerve wracking especially with Exchange Servers in the mix.

Generally for Home use QNAP with RAID and Snaps plus USB Disk (and/or Cloud) Backup is a reasonable solution. Their NAS to NAS RSync replication over a decently fast VPN works well too.

 

[JTWzen]

Couple of things everyone should do on their NAS Boxes regardless of Make/Model

Change the Default Admin Password for something more complex

For any User Passwords make them sensible and not daft like Password123 or ABC123 or qwerty

Keep the OS updated - you will be prompted when an update is available

Keep any Apps updated - you will be prompted when an update is available​

Synology recently advised adding a new administrator account, not called Admin obviously then disabling the default Admin account as the default is vulnerable to brute force password attacks.

 

[suzywong]

yes, i picked that up this evening with an uplate to DSM......

job for the next couple of days methinks.

 

[Amber Audio]

New QNAP Firmware out 4.5.3.1652
https://www.qnap.com/en/release-notes/qts/4.5.3.1652/20210428

Updated a dozen or so to see if any probs, so far all OK

Obviously a reaction to this attack - updates are going in auto and checked daily

Security Updates

• Fixed a DOM-based cross-site scripting vulnerability (CVE-2021-28806).
• Fixed a command injection vulnerability (CVE-2021-28800).

New Features
SNMP

• Added support for using SNMP with IPv6.

Enhancements
App Center

• App Center now automatically installs required updates by default.
• App Center now checks for available updates every day and automatically installs required updates by default.