"QNAP Customers Hit by Double Ransomware Blitz"
Customers of a popular network-attached storage (NAS) vendor appear to be caught in the middle of two ransomware campaigns. Taiwanese manufacturer QNAP released an advisory late last week warning of a critical threat from the DeadBolt variant, which it said appeared to be targeting users running outdated versions of QTS 4.x. The company stated to secure your NAS, they strongly recommend updating QTS or QuTS hero to the latest version immediately. The company noted that if your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then upgrade to the latest firmware version, and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page. Security researchers at G Data Malware have warned of a resurgent eCh0raix campaign targeting the same devices. The ransomware, also known as QNAPCrypt, is currently only being detected by 28 out of 58 vendors. This is not the first time that both variants have targeted QNAP devices. In May, the vendor warned that devices using weak passwords or outdated QTS firmware may be susceptible to attack. To avoid being compromised, the company advised customers to use stronger passwords for admin accounts, enable IP access protection to mitigate the risk of brute force attacks, avoid using ports 443 and 8080, and update QTS and all associated apps to the latest versions. In the same month, QNAP issued a separate advisory warning of an earlier DeadBolt campaign. DeadBolt also struck in January this year. Bud Broomhead, CEO at Viakoo, explained that around 10 out of CISA’s 700+ listed known exploited vulnerabilities affect QNAP. Broomhead stated that QNAP devices are very attractive to cybercriminals whose strategy is to ask a large number of victims for a small amount of money, as opposed to a few victims being asked for large amounts. Broomhead noted that the $900 asked for as a ransom is at a level where many operators of the devices will choose to pay rather than get their IT or security teams involved.
Infosecurity reports: "QNAP Customers Hit by Double Ransomware Blitz"