Security News > 2021 > April > QNAP NAS devices under ransomware attack
QNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the 7-Zip open-source file archiver utility.
CVE-2020-36195, an SQL injection vulnerability affecting QNAP NAS running Multimedia Console or the Media Streaming add-on.
QNAP initially believed that the ransomware operation called Qlocker exploited CVE-2020-36195 to gain access to internet-connected NAS devices and lock users' data, but it turned out to be CVE-2021-28799.
Those lucky QNAP NAS owners that have not yet been hit by the attackers are advised to implement the offered updates to stymie these and other ransomware gangs.
"The QNAP security team has detected suspicious ransomware in the wild known as AgeLocker, which has the potential to affect QNAP NAS devices," QNAP warned on Thursday, but did not say which vulnerabilities the attackers are exploiting.
"To secure your device, we strongly recommend regularly updating QTS or QuTS hero and all installed applications to their latest versions to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model. To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/KhDvutDEg_Q/
Related news
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-28799 | Unspecified vulnerability in Qnap Hybrid Backup Sync An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. | 9.8 |
| 2021-04-17 | CVE-2020-36195 | SQL Injection vulnerability in Qnap QTS An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. | 9.8 |