A new ransomware strain called “Qlocker” is targeting QNAP NAS devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives and demanding Bitcoin payment for decryption keys
The Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks. Once updated insisted to do a scan
Patches for the three apps were released by QNAP over the last week. CVE-2020-36195 concerns an SQL injection vulnerability in QNAP NAS running Multimedia Console or Media Streaming Add-on, successful exploitation of which could result in information disclosure. On the other hand, CVE-2021-28799 relates to an improper authorization vulnerability affecting QNAP NAS running HBS 3 Hybrid Backup Sync that could be exploited by an attacker to log in to a device.
QNAP is also urging users to the latest version of Malware Remover to perform a scan as a safety measure while it’s actively working on a solution to remove malware from infected devices.
Users are advised to modify the default network port 8080 for accessing the NAS operating interface. The data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security.