There seems to be no peace for IT administrators who have faced a new attack on their infrastructure these days. The QNAP storage are the target which, due to a vulnerability, CVE-2020-2509 and CVE-2020-36195, can allow malicious users to encrypt all user data with consequent ransom demand.
The attack, called Qlocker, starts from a 7-zip file, which is sent via email and which must also be opened, which in a short time manages to take possession of the storage and encrypt the documents with many compressed files with an attached password that only the attacker knows. After QNAP devices are encrypted, users are left with a ransom note called “!!! READ_ME.txt” which includes a unique client key that victims must enter to access the ransomware’s Tor payment site.
QNAP has already fixed these vulnerabilities with the latest updates in April and in the meantime has released a list of tasks to do for both those who have been attacked and those who have not:
- Install the latest version of the Malware Remover and run a scan
- Update the Multimedia Console, Media Streaming Add-on and Hybrid Backup Sync components
- Contact QNAP Technical Support for help
- Do not turn off the device (in case you have already lost your data)
Some Practical Tips
There are two important things to consider when using QNAPs in a production environment. The first is to disable non-useful components, such as the Multimedia Console which has little to do in a business activity. The second is to always keep the device updated, limiting access to the management console only to IPs allowed with strong credentials.
The Cloud Always Helps
Do you use QNAPs as data storage? Then it’s even more important to adopt a cloud backup philosophy. Through the Hybrid Backup Sync component, you can save your documents in a cloud blob such as Azure Storage and have your data stored in a separate context from the production one with a very low data loss delta. And if you want to give even more protection, here you can protect Azure Storage with Azure Backup to be 100% sure that your data is safe. The 3-2-1 rule is always fundamental and must be implemented even if your company is small because the data is business and must be protected in the best possible way.