QNAP Issues Guidance to Prevent Ransomware Attacks on NAS Devices
A security alert from QNAP urges customers to take precautions against a wave of ransomware attacks targeting its popular Network Attached Storage (NAS) devices.
In recent weeks, QNAP NAS owners have been a hot target for eCh0raix ransomware, also called QNAPCrypt, leaving many without their precious pictures and documents.
While some blame vulnerabilities in QNAP’s product, many admit they simply failed to secure the device properly, making it the most likely attack vector.
The Taiwan-based hardware vendor now urges customers to configure their NAS units properly to make sure bad actors can’t steal or encrypt their files for extortion.
“Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the Internet without any protection,” the company said. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices.”
First order of business, QNAP says, is to check whether the NAS is exposed to the internet. If it is – or if the user indeed wishes it to be, for their own remote-access convenience – users must take additional steps to ensure NAS security, such as to disable router port forwarding and UPnP.
QNAP NAS owners are strongly advised to go through the entire security checklist here.
Users are also encouraged to securely access their QNAP NAS via the Internet through myQNAPcloud Link, or to use a VPN to enable secure remote access to the NAS.
Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds
December 21, 2021
Online Shoppers Beware, Mobile Scams Are on the Rise
December 17, 2021
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021