Cyber Police Warns of Large-Scale Global Cyberattack on QNAP Devices
The ransomware used in the attacks relies on the 7-Zip archiver to “encrypt” files. The attackers then demand money to restore access.
Once in the system, the malware creates password-protected 7-Zip archives, 20 MB in size, into which it “packs” the files contained on the device. When victims open the text file created by the “Qlocker” crypto-locker, they find a link to a resource hosted on the TOR network. There the victim is asked to enter a personal ID, which the ransomware assigns to the device, and then receives the address of a cryptocurrency wallet.
To decrypt the files, the victim needs to enter a password that is known only to the “Qlocker” operator. The attackers demand money from victims for restoring access.
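A triage sketch for the behaviour described above, added here as an example and not taken from the advisory or from QNAP: it walks a mounted share, counts per directory the files that begin with the 7z signature, and lists text files containing a .onion link. The function names and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # 6-byte signature at the start of every 7z archive
ONION_RE = re.compile(rb"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b")  # v3 / v2 onion hosts
MAX_NOTE_BYTES = 64 * 1024               # notes are small; never read large files whole


def triage(root):
    """Return ({directory: number of 7z archives}, [text files containing an onion link])."""
    archives, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(SEVENZIP_MAGIC))
                    if head == SEVENZIP_MAGIC:          # identified by content, not extension
                        archives[dirpath] = archives.get(dirpath, 0) + 1
                    elif name.lower().endswith(".txt"):
                        if ONION_RE.search(head + fh.read(MAX_NOTE_BYTES)):
                            notes.append(path)
            except OSError:
                continue                                # unreadable file: skip, keep scanning
    return archives, notes


def demo():
    """Run triage over a constructed sample share (all contents are made up)."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "Photos")
        os.makedirs(share)
        samples = {
            "a.jpg.7z": SEVENZIP_MAGIC + b"\x00\x04" + os.urandom(64),
            "b.docx.7z": SEVENZIP_MAGIC + b"\x00\x04" + os.urandom(64),
            "untouched.jpg": b"\xff\xd8\xff\xe0" + os.urandom(64),
            "notes.txt": b"shopping list\n",
            "constructed_note.txt": b"open http://" + b"a" * 56 + b".onion/ and enter your ID\n",
        }
        for name, data in samples.items():
            with open(os.path.join(share, name), "wb") as fh:
                fh.write(data)
        archives, notes = triage(root)
        return ({os.path.relpath(d, root): n for d, n in archives.items()},
                [os.path.relpath(p, root) for p in notes])


if __name__ == "__main__":
    print(demo())
```

A directory where most files have become 7z archives next to such a text file is a reason to isolate the device and preserve it for investigation. The signature alone does not prove that an archive is password-protected.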
The cybercriminals exploit critical vulnerabilities in QNAP operating systems, namely CVE-2020-2509 (a vulnerability that allows attackers to execute arbitrary commands in a compromised application) and CVE-2020-36195 (SQL injection into QNAP Multimedia Console and Media Streaming Add-On).
Recommendations on how to protect the device from attack:
1. Update the QNAP firmware version.
The developer has already released an update that contains fixes for the vulnerabilities listed above.
Update QTS or QuTS hero:
- log in to QTS or QuTS hero as administrator;
- go to Control Panel > System > Firmware Update;
- click Check for updates, then install the latest available update.
Update Multimedia Console and Media Streaming Add-On:
- log in to QTS as an administrator;
- open the Application Center and click on the search icon;
- enter Multimedia Console or Media Streaming Add-On;
- click Refresh (a confirmation message will appear);
- click OK.
2. Connect to the internal network only through a VPN;
3. Restrict and segment access to company resources using firewalls, network screens and virtual networks;
4. Make a backup of data.
Cyber Police Department of the National Police of Ukraine