QNAP Issues Guidance to Prevent Ransomware Attacks on NAS Devices
A security alert from QNAP urges customers to take precautions against a wave of ransomware attacks targeting its popular Network Attached Storage (NAS) devices.
In recent weeks, QNAP NAS owners have been a hot target for eCh0raix ransomware, also called QNAPCrypt, leaving many without their precious pictures and documents.
While some blame vulnerabilities in QNAP’s product, many admit they simply failed to secure the device properly, making it the most likely attack vector.
The Taiwan-based hardware vendor now urges customers to configure their NAS units properly to make sure bad actors can’t steal or encrypt their files for extortion.
“Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the Internet without any protection,” the company said. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices.”
First order of business, QNAP says, is to check whether the NAS is exposed to the internet. If it is – or if the user indeed wishes it to be, for their own remote-access convenience – users must take additional steps to ensure NAS security, such as to disable router port forwarding and UPnP.
QNAP NAS owners are strongly advised to go through the entire security checklist here.
Users are also encouraged to securely access their QNAP NAS via the Internet through myQNAPcloud Link, or to use a VPN to enable secure remote access to the NAS.
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022