Disable remote access to your QNAP NAS if you don’t want to see a new ransomware encrypt all your data (and then upgrade)


Hardware manufacturer QNAP is warning owners of its NAS (Network Attached Storage) devices to temporarily disconnect them from the Internet, since a new type of ransomware, named DeadBolt, has begun scanning the Internet looking for devices to infect.

After user forums began to fill with complaints of similar cases, QNAP posted a security advisory on its website acknowledging that “the vulnerability allows attackers to execute arbitrary code on the system.”

The ransomware in question is not particularly complex, but if the software on the device is out of date, there is not much we can do to prevent it from getting infected. DeadBolt encrypts all the data… and then demands a ransom from us in bitcoins.

All QNAP NAS devices running the QTS 4.5.3 (and later) or QuTS Hero h4.5.3 (and later) operating systems are vulnerable to this ransomware.

Typically, NAS users use this device to access their files over the LAN (local network), but it is not surprising that many of them also have remote access enabled (that is, through the Internet), so that they can also connect from outside the home (or the office).

It is precisely this setting that QNAP recommends disabling for as long as you cannot be sure your software is fully up to date. In fact, for security, it advises going further and disabling all port forwarding on the router to which the NAS is connected. Once it is disconnected, it is no longer exposed to ransomware infection.


Steps to follow

But how can we know for sure whether our QNAP NAS is connected to the Internet or not? If we see a warning similar to the following in the control panel of the operating system (QTS / QuTS Hero), our NAS is accessible from the outside:

“The system administration service can be directly accessed from an external IP address through the following protocols: HTTP.”

Once we have secured the equipment against intrusions from the outside, it is time to fix the vulnerability by updating the NAS operating system to the latest version. For this we must:

  • Log in to QTS or QuTS Hero as an administrator.

  • Access ‘Control panel > System > Firmware update’.

  • In the ‘Live Update’ section, click on ‘Check for update’, and install the latest one available.

Alternatively, we can also download the update directly from the Download Center of the QNAP website, and then perform a manual update.
