QNAP warns customers with unsecured NAS systems about ransomware attacks

QNAP strongly recommends that all customers with NAS systems carefully review their security settings to ensure that the systems are not connected to the Internet in an unsecured manner. This advice follows an increase in the number of victims of the eCh0raix ransomware.

QNAP recommends customers to check in the Security Counselor of their nas systems if their systems are accessible over the internet. If this is the case, a message will appear that the user is running a ‘medium risk’. If users see that the NAS is accessible via the Internet, they are advised to disable port forwarding for that NAS within their router. By default, ports 8080 and 433 belong to QNAP NAS systems. In addition, customers are advised to disable UPnP for their NAS within myQNAPcloud.

QNAP warns its customers after “network devices are targets of ransomware and brute-force attacks”, without giving more details. BleepingComputer wrote at the end of December that significantly more NAS systems were affected by the eCh0raix ransomware, also known as Qnapcrypt. Some users admitted that they had connected their NAS system to the Internet unsecured.

Discovered in 2019, this ransomware appends an .encrypt extension to files and encrypts them with aes 256 encryption. Even then, QNAP advised nas users to stop using the 8080 and 443 ports as the default. It was also advised to disable ssh and telnet. In March, the company warned of brute-force attacks targeting its NAS systems.