Ransomware impacting QNAP devices

A few weeks ago, a client of mine contacted me stating that their QNAP NAS had been attacked by a ransomware virus. The only saving grace was that they had taken a backup to an external USB drive a week earlier. Now, to gain access to the QNAP NAS and reset the device, I took it to my office and put the device on an isolated network created by a standalone router, to prevent my office systems from potentially being impacted. Once I was in the device, I factory reset the device, clearing all the contents. Then I ensured I downloaded the latest firmware for the NAS from QNAP. (This was not being done prior to the ransomware attack.)

https://www.securityweek.com/qnap-says-recently-patched-flaw-exploited-qlocker-ransomware-attacks

Once the latest firmware was installed, I updated all the apps requiring updates as a result of the firmware update within the NAS to their latest versions. I recreated the same configuration (logins, folders, etc.) that existed prior to the reset.

I then restored the data backed up on the USB drive back to the NAS and returned the device back to the client site. Since the settings were the same as before, all computers onsite connected as before.

I cannot stress enough the importance of backups. You can be attacked at any time, so ensure your backups are up to date. If they are not automated, the odds are that the backups won’t be done regularly. Have multiple backups, as even a backup drive can fail. Once the backup is complete, disconnect it from the NAS so as to prevent an infection from spreading to the backup device. Keep multiple backups: some automated (always-connected device) and some manual (temporarily connected device).
