Once again, cybercriminals are targeting vulnerable QNAP Network Attached Storage devices. User reports and sample submissions on ID Ransomware claim that QNAP NAS devices are being targeted by eCh0raix, also known as QNAPCrypt. Reports show that the cyber-attacks started on June 8.
Unknown attack vector
This is not the first time QNAP devices have been targeted by eCh0raix ransomware attacks. For now, the number of victims is unknown. QNAP has not made any announcement about the attack vector. The company published a security advisory and warned users about the attacks. The company stated:
“The eCh0raix ransomware has been reported to affect QNAP NAS devices. Devices using weak passwords or outdated QTS firmware may be susceptible to attack. We strongly recommend users act immediately to protect their data.”
QNAP recommended the following actions:
- Use stronger passwords for your administrator accounts.
- Enable IP Access Protection to protect accounts from brute force attacks.
- Avoid using default port numbers 443 and 8080.
- Update QTS to the latest version.
- Update all installed applications to their latest versions.
eCh0raix is not the only cyber threat QNAP is dealing with. The company also warned its users against attacks that deploy DeadBolt ransomware payloads. The company stated:
“QNAP Systems, Inc. recently detected a new attack by the DEADBOLT Ransomware. According to the investigation by the QNAP Product Security Incident Response Team (QNAP PSIRT), the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series. QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.”