Jump to content

WARNING: QNAP MALWARE ATTACK


Recommended Posts

UPDATE: My backup has just finished restoring all my Media files and is more or less back to how it was before the attack. The only thing that I can't repair is my Roon database as I did not backup my Roon backup. No real harm done, as I can redo my playlists. I have taken the advice of forum members and ensured that all external access to the NAS is disabled. I do feel a little miffed with Qnap, becaue the settingsI had were more or less 'Out the box'. I have ensured that the Malware remover app, is now scanning once a day instead of once a week and changed other settings as advised by Qnap. I have also installed the 'QuFirewall' which prevent access from outside my country. Not sure how good that will be if the attacker uses a VPN. but hey ho, it's another level of protection. I have also turned off 'upnp' in my router. One final thing, I have done is to take another backup off my files which is running now and should be finished when I wake up tomorrow. You can't have too many backups and this one is going to a freind for safe keeping.

I read a lot about this attack on the Qnap forum and it seems a lot of Qnap owners were hit. I am just glad that it doen't seem to have affected anyone else here. As Paul points out, the instructions to repair a NAS that has been attacked are fairly complicated for the layman and I include myself in that category as far as the workings of a NAS are concerned. I have no idea how to SSH and although I am proficient with windows and can even still use DOS when needed, Linux and NAS drives are a mystery to me. I am also getting a bit too long in the tooth to start trying to learn this stuff. I am an ex joiner/carpenter and when I read I needed putty to access my NAS, I decided a trip to the glaziers was one step too far for me :) 

  • Like 5
Link to post
Share on other sites
5 hours ago, fredbatch said:

Maybe we could collectively deploy the services of Liam Neeson to find the culprit. We know what happens next...

In the words of Billy Connolly, 'Hanging is too good for them them, it's a good kick up the arse they need'.

Link to post
Share on other sites

Today I got a message from my QNAP NAS Maware Remover: ‚malware detected and deleted‘.

it seems the attack vector is the QNAP Multimedia app which luckily I had disabled, together will all kind of external access options. It seems I‘m find, but haven‘t powered on my other QNAP NAS yet (they are not running 24x7 which again might have helped), in order to confirm first that the backup NAS is fine.

However the scope of this attack seems to be much larger than expected and even though I did not allow any external access the malware infected my system via a QNAP app, which is scary.  So far it seems I was lucky but you never know....
 

It is recommended to update to the latest firmware, malware detection and hybrid backup versions.

More information here:  https://www.qnap.com/en-uk/how-to/faq/article/what-is-the-best-practice-for-enhancing-nas-security

Good luck to everyone impacted.

  • Like 2
Link to post
Share on other sites

Wow. I usually ignore messages like this, because they seem to come from uninformed ppl crying havoc and creating a text virus themselves, but this time I'm glad I read this. Thanks for the warning. It seems I'm not affected, and I'm currently doing the update. 

I will be going through a round of "close all ports" later. 

  • Like 2
Link to post
Share on other sites

Good to hear your getting back on track Billz. Although I have a different brand of drive, this thread has made me look into the matter a bit more in depth and I'm glad I did  as it made me up my security a bit. I did have great fun tearing my hair out though as I has changed my port settings and couldn't remember what I had changed it to.:D, I got there in the end though.

  • Like 1
Link to post
Share on other sites

Glad to see, that the damage done here was limited, apparently. But assuming that a NAS can't be hacked, immediately entitles one to read Kim Zetter's book Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.

Edited by TooManyCatweazles
Link to post
Share on other sites

Billz, glad to hear all is back to normal. I did the software updates last week. I use only the NAS for music, so never open multimedia. 
I keep two copies of all my music files as backup separate from the Qnap. It is a pain adding to each whenever I purchase new music, but should I lose it all, I will be grateful for that extra time spent.👍🎼🎶🎶🎵🎶🎶

Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...