Alert: Qlocker and eCh0raix ransomware attacks against QNAP NAS devices

QNAP Systems, Inc. (QNAP) issued a statement strongly urging users to immediately update and run malware scans on QNAP NAS devices after recent reports of ransomware attacks involving Qlocker and eCh0raix.

Qlocker and eCh0raix have successfully targeted and infected QNAP network attached storage (NAS) devices hosted by some of its customers. As a result, the ransomware was able to encrypt data and demand ransoms to restore the information.

QNAP, a leading storage and networking firm, issued the statement on Thursday, April 24:

“QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP is urgently working on a solution to remove malware from infected devices.”

Moreover, QNAP released a newer version of Malware Remover and urged its customers to install it and run a malware scan immediately. The storage vendor also warned users not to shut down the NAS and to contact QNAP technical support for assistance.

In addition, QNAP advised users to change the default network port 8080 used for accessing the NAS operating interface.

QNAP vulnerabilities and patches

QNAP issued two recent security updates for products and recommended customers update affected products as soon as possible:

  • CVE-2020-36195: SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On.
  • CVE-2021-28799: Improper Authorization Vulnerability in HBS 3 Hybrid Backup Sync.

QNAP recommends that customers update Multimedia Console, the Media Streaming Add-on or HBS 3 Hybrid Backup Sync to the latest version. Additionally, the storage firm recommends updating QTS to the latest version as well if running versions QTS 4.3.3 and QTS 4.3.6.

Previous cyberattacks

Readers may also recall that earlier this month legacy QNAP NAS devices were vulnerable to zero-day cyberattacks.

At that time, two Critical zero-day vulnerabilities (CVE-2020-2509 and CVE-2021-36195) could allow a remote unauthenticated attacker to manipulate data and take over QNAP network attached storage (NAS) devices.
