Qnap nas file locker ransomeware, patch now

I know there are a few out there on here, get your patches.

It is a file scrambling ransomeware.

Advice from Qnap

  • Install the latest software updates for the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps on their QNAP NAS gear to close off vulnerabilities that can be exploited by ransomware to infect devices.
  • Install the latest Malware Remover tool from QNAP, and run a malware scan. The manufacturer said it has “released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack.”
  • Change the network port of the web-based user interface away from the default of 8080, presumably to mitigate future attacks. We’ll assume for now that vulnerable devices are being found and attacked by miscreants scanning the internet for public-facing QNAP products – we’ve asked the manufacturer to comment on this.
  • Make sure they use strong, unique passwords that can’t easily be brute-forced or guessed.
  • If possible, follow the 3-2-1 rule on backups: have at least three good recent copies of your documents stored on at least two types of media, at least one of which is off-site. That means if your files are scrambled, you have a good chance of restoring them from a backup untouched by the malware, thus avoiding having to cough up the demand, if you make sure the software nasty can’t alter said backups.

If user data is encrypted or being encrypted, the NAS must not be shut down. Users should run a malware scan with the latest Malware Remover version immediately, and then contact QNAP Technical Support at service.qnap.com.


Does this fix the other one?

Yes this is the same one. I did check the recent posts but did not go back more than a few hours, I thought it was newer than that.

1 Like

Can’t say I’ve ever met another human that’s used a TerraStation, but those have an active exploit that needs patching as well. TerraMaster NAS Vulnerability Found Over UPnP | StorageReview.com


We had a guy point out something similar-


UPnP was the first thing I thought of with these QNAP boxes also. There’s probably a significant number of those behind routers with UPnP enabled where the owners don’t even know they’re vulnerable.

I know most people here are probably not exposing their NAS to the internet, but some people are still using cloud-based functionality on their boxes. Please stop. This goes for all NASes btw, not just qnap.

I block all internet access to my NAS on my opnsense router. (unblocking when I need to update etc)

1 Like

Well, this certainly isn’t helping things. A lot of people are jumping to conclusions though.

Neither does this.

1 Like