QNAP Users: New Ransomware Threat

This weekend, multiple security researchers and QNAP announced a new ransomware security advisory.

Following on the heels of previous ransomware attacks targeting QNAP NAS units, the latest is called AgeLocker and can encrypt your entire NAS, holding your files hostage for ransom payment.

There’s an important point to be made here: like nearly all prior attacks, this one relies on users running an outdated QNAP QTS operating system and/or outdated QTS software packages. (In this case, Photo Station seems to be the vector.) This attack also relies on your QNAP NAS having direct inward access from the internet at large.

QNAP security updates require user intervention, and it’s crucial that your regularly log into the QTS interface to check for and install updates. If you need a reminder, put it on your calendar as a recurring event, or sign up for the Panachroma newsletter.

Like most other modern equipment in your creative practice, your NAS is a tiny computer requiring ongoing software updates for the best performance and security. Don’t forget to maintain it!

What else should I do?

  1. Update QTS to the latest version supported on your NAS.
  2. Update all your QTS packages.
  3. If haven’t already installed the Malware Remover package, install it.
  4. If you’re not routinely accessing your NAS outside of your local network, disable myQNAPcloud and UPnP. If you are routinely accessing your NAS outside of your local network, strongly consider disabling myQNAPcloud and using a VPN for access from outside your local network.

Here’s some step-by-step guides to these tasks from QNAP’s security best practices guide:

Updating QTS

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
  4. QTS downloads and installs the latest available update.

Updating Installed QTS applications

  1. Log on to QTS as administrator.
  2. Open the App Center.
  3. Go to My Apps.
  4. Beside Install Updates, click All.
    A confirmation message appears.
  5. Click OK.
    QTS updates installed applications to the latest versions.

Installing and Running the Latest Version of Malware Remover

  1. Log on to QTS as administrator.
  2. Open the App Center, and click the Search icon.
    A search box appears.
  3. Type “Malware Remover”, and then press ENTER.
    The Malware Remover application appears in the search result list.
  4. Click Install.
    QTS installs the latest version of Malware Remover.
  5. Open Malware Remover.
  6. Click Start Scan.
    Malware Remover scans the NAS for malware.

Changing myQNAPcloud Settings

  1. Log on to QTS as administrator.
  2. Open myQNAPcloud.
  3. Go to Auto Router Configuration.
  4. Deselect Enable UPnP port forwarding.
  5. Go to Publish Services.
  6. Deselect all unnecessary services.
  7. Click Apply.
  8. Go to Access Control.
  9. Set Device access controls to Private.
  10. Click Apply.

More information

For more information from QNAP, see their blog post:

Fight Against AgeLocker With QNAP: Install Software Updates and Follow Best Practices

Leave a Comment

Your email address will not be published. Required fields are marked *