Another day, another cyberattack against QNAP’s network-attached storage (NAS) devices. This time, QNAP users are being targeted by ech0raix, a known ransomware operator that’s been targeting vulnerable QNAP devices for years now.
Users first started recording being hit with ransomware on June 8, and since then, the number of ID Ransomware submissions has been quickly piling up. So far, a “few dozen” samples have been submitted, but the actual number of successful attacks is probably a lot higher since some victims won’t be using the ID Ransomware service to detect the strain that attacked them, the publication states.
QNAP is so far being silent on the matter, so it’s hard to know exactly how the attack was mounted, and whether or not any malware was used.
Defending the premises
In order to defend the vulnerable endpoints (opens in new tab) from the attack, users can turn to the advice the company provided during one of the earlier attacks, which includes creating a stronger password for admin accounts, enabling IP Access Protection to defend against brute-force attacks, and avoiding default port numbers (443, 8080).
An in-depth guide on how to set all those things up can be found in QNAP’s security advisory, here (opens in new tab).
The company has also warned users to disable Universal Plug and Play (UPnP) port forwarding on their routers, in order not to expose their devices to the internet. Furthermore, disabling SSH and Telnet connections, and toggling IP and account access protection on, should help, as well.
ech0raix is a known ransomware strain that’s been targeting vulnerable (opens in new tab) QNAP devices since at least 2019. The media were reporting of multiple large-scale attacks, that started with a brute-force entry into internet-exposed NAS devices.
Since then, attacks against QNAP endpoints were observed twice in 2020, once in 2021, and once in early 2022.