The QNAP Product Security Incident Response Team (PSIRT) has released updates for its Network-Attached Storage (NAS) devices (opens in new tab).
NAS devices by the Taiwanese vendor are a popular target for hackers and have been on the receiving end of various cyber attack (opens in new tab) campaigns lately. Threat actors are known to actively seek out vulnerabilities in order to target QNAP devices (opens in new tab) that are accessible over the internet.
Last month, the company released updates to safeguard devices from being exploited to mine cryptocurrency (opens in new tab). The latest updates, however, come in response to reports of two ransomware (opens in new tab) campaigns, Qlocker and eCh0raix, that are on the prowl for vulnerable QNAP devices.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab)<<
- These are the best NAS drives (opens in new tab) on the market
- Here are the best firewall (opens in new tab) apps and services
- Protect your devices with these best antivirus software (opens in new tab)
In its advisory (opens in new tab), QNAP suggests users update their Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps, to mitigate the ongoing ransomware threat.
QNAP also urges its users to fetch and run its latest malware removal (opens in new tab) tool to ensure their devices are sanitized.
If you have been hit by the ransomware, the company suggests you don’t power down your NAS device, even if you catch the data being encrypted. Instead, you are advised to immediately run the malware scan and contact QNAP’s technical support.
To avoid being targeted, QNAP’s PSIRT suggests all users practice sensible password policies. In fact, that advice should be applicable to everyone, especially with there being no dearth of password managers that can help you set strong passwords.
Meanwhile, QNAP says it is urgently working on a solution to remove malware from infected devices.
- Check out our roundup of the best endpoint protection software (opens in new tab)
Via The Register (opens in new tab)