Ransomware attacking QNAP NAS devices

A new ransomware family has been found that targets Linux-based Network Attached Storage (NAS) devices made by QNAP Systems of Taiwan. Users' data is held hostage until a ransom is paid.

NAS devices, ideal for home and small business use, are dedicated storage units (servers) connected to a network or reachable over the internet, which let users store their data and backups and share them with multiple computers.

The new ransomware, dubbed “eCh0raix”, is written in the Go programming language. It encrypts files with targeted extensions using AES encryption and appends the .encrypt extension to each file.

Source: The Hacker News

QNAP Security Advisory for eCh0raix Ransomware

  • Release date: July 11, 2019
  • Security ID: NAS-201907-11
  • Severity: High
  • CVE identifier: N/A
  • Affected products: QNAP NAS devices

Summary

The eCh0raix ransomware is reportedly being used to target QNAP NAS devices. Devices using weak passwords and outdated QTS firmware may get infected.

We are urgently working on a solution to remove malware from infected devices and will release it at the soonest possible time.

If you have any questions regarding this issue, please contact us through the QNAP Helpdesk.

Recommendation

To avoid infection, you must:

  1. Update QTS to the latest version.
  2. Install and update Malware Remover to the latest version.
  3. Use a stronger admin password.
  4. Enable Network Access Protection to protect accounts from brute force attacks.
  5. Disable SSH and Telnet services if you are not using them.
  6. Avoid using default port numbers 443 and 8080.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Installing/Updating and running the latest version of Malware Remover

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the Search icon.
    A search box appears.
  3. Type “Malware Remover”, and then press ENTER.
    The Malware Remover application appears in the search results list.
  4. Click Install or Update.
    A confirmation message appears.
  5. Click OK.
    The application is installed or updated to the latest version.
  6. Open Malware Remover.
  7. Click Start Scan.
    Malware Remover scans the NAS for malware.

Changing the Device Password

  1. Log on to QTS as administrator.
  2. Click the profile picture on the QTS Task Bar.
    The Options window opens.
  3. Click Change Password.
  4. Specify the old password.
  5. Specify the new password.
    QNAP recommends the following criteria to improve password strength:

    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  6. Verify the new password.
  7. Click Apply.
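
The five password criteria listed in step 5 can be checked before a password is set. The following is an added example, not QNAP code; the function name, the rule labels, the reading of "special character" as any non-alphanumeric character and the case-insensitive username comparison are assumptions.

```python
import re

# Constructed sample credentials (username, candidate password) for illustration.
SAMPLES = [
    ("admin", "admin"),
    ("admin", "nimdA"),
    ("admin", "Passsword1!"),
    ("admin", "Tr4il-Mix&Oats"),
]


def check_password(password: str, username: str) -> list:
    """Return the labels of the criteria the password fails (empty list = passes)."""
    failures = []
    # At least 8 characters in length.
    if len(password) < 8:
        failures.append("length")
    # Both uppercase and lowercase characters.
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("mixed_case")
    # At least one number and one special character.
    # Assumption: "special" means anything that is not an ASCII letter or digit.
    if not (re.search(r"[0-9]", password) and re.search(r"[^A-Za-z0-9]", password)):
        failures.append("number_and_special")
    # Not the same as the username or the username reversed.
    # Assumption: compared case-insensitively, so "Admin" is rejected for "admin".
    user = username.lower()
    if user and password.lower() in (user, user[::-1]):
        failures.append("username")
    # No character consecutively repeated three or more times.
    if re.search(r"(.)\1\1", password):
        failures.append("repeated_chars")
    return failures


def audit(samples):
    """Map each candidate password to the criteria it fails."""
    return {password: check_password(password, user) for user, password in samples}


if __name__ == "__main__":
    for password, failed in audit(SAMPLES).items():
        print(f"{password!r}: {'OK' if not failed else ', '.join(failed)}")
```
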

Enabling Network Access Protection

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System Security > Network Access Protection.
  3. Configure SSH protection.
    1. Select SSH.
    2. Specify a time period and the number of failed login attempts.
  4. Configure HTTP(S) protection.
    1. Select HTTP(S).
    2. Specify a time period and the number of failed login attempts.
  5. Click Apply.

Disabling SSH and Telnet Connections

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Network & File Services > Telnet/SSH.
  3. Deselect Allow Telnet connection.
  4. Deselect Allow SSH connection.
  5. Click Apply.

Changing the System Port Number

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > General Settings > System Administration.
  3. Specify a new system port number.
    Warning: Do not use 443 or 8080.
  4. Click Apply.