Taiwanese vendor QNAP has warned customers to secure NAS devices exposed online against ransomware and brute-force attacks.
Customers can check whether their NAS is exposed online by using the Security Counselor, a built-in security portal for QNAP NAS devices.
If the NAS is exposed to the Internet, the dashboard will display the message “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”
Administrators of devices exposed to the Internet should:
- Disable the Port Forwarding function of the router. Disable the port forwarding setting of the NAS management service port (port 8080 and 433 by default) in the Virtual Server, NAT or Port Forwarding settings.
- Disable the UPnP function of the QNAP NAS from the QTS menu of myQNAPcloud. Disable “Enable UPnP Port forwarding” under “Auto Router Configuration”.
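To confirm that both steps took effect, the router's UPnP mapping table can be audited for entries that still forward to the NAS management service. The following is an added example, not QNAP's code: it assumes the listing layout printed by the miniupnpc client (`upnpc -l`), and the NAS address, ports and sample listing are constructed.

```python
import re
from typing import NamedTuple

class Mapping(NamedTuple):
    proto: str
    ext_port: int
    int_host: str
    int_port: int
    desc: str

# Assumed row layout of `upnpc -l`: index, protocol, exPort->inAddr:inPort, 'description'
_ROW = re.compile(
    r"^\s*\d+\s+(TCP|UDP)\s+(\d+)->(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+'([^']*)'"
)

def parse_mappings(listing: str) -> list[Mapping]:
    """Return every port mapping row found in the listing; other lines are skipped."""
    found = []
    for line in listing.splitlines():
        m = _ROW.match(line)
        if m:
            proto, ext, host, inner, desc = m.groups()
            found.append(Mapping(proto, int(ext), host, int(inner), desc))
    return found

def exposed_management(mappings, nas_ip, mgmt_ports):
    """Mappings that forward any external port to the NAS management service.

    The match is on the internal port: 18443 -> NAS:443 exposes the admin
    interface just as much as 443 -> NAS:443 does.
    """
    return [m for m in mappings
            if m.proto == "TCP" and m.int_host == nas_ip and m.int_port in mgmt_ports]

# Constructed sample listing (addresses, ports and descriptions are made up).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8080->192.168.1.50:8080  'NAS web' '' 0
 1 TCP 18443->192.168.1.50:443   'remote admin' '' 0
 2 UDP 51820->192.168.1.20:51820 'vpn' '' 0
 3 TCP  6881->192.168.1.50:6881  'downloads' '' 3600
"""

if __name__ == "__main__":
    # Assumed values: replace with the NAS address and the ports its
    # System Administration service actually listens on.
    for m in exposed_management(parse_mappings(SAMPLE), "192.168.1.50", {8080, 443}):
        print(f"remove mapping: {m.proto} {m.ext_port} -> {m.int_host}:{m.int_port} ({m.desc})")
```

Forwards entered by hand in the router's Virtual Server or NAT pages do not appear in a UPnP listing and still have to be checked in the router's own interface.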
The vendor also published a guide to securely access QNAP NAS via the Internet through myQNAPcloud Link.
In December last year, a new wave of ech0raix ransomware attacks targeted QNAP NAS devices. Users reported numerous compromises of their devices a few days before Christmas. ech0raix ransomware operators demand a ransom ranging from .024 ($1,200) up to .06 bitcoins ($3,000).