QNAP warns for AgeLocker Ransomware

Gandalf_The_Grey

Level 43
Verified
Trusted
Content Creator
Apr 24, 2016
3,218
Summary
The AgeLocker Ransomware has been reported to target QNAP NAS, Linux, and macOS devices. This new ransomware attempts to encrypt the files of victims by using the “Age” encryption tool. QNAP Product Security Incident Response Team (PSIRT) has found evidence that the ransomware may attack earlier versions of Photo Station. We are thoroughly investigating the case and will release more information as soon as possible.

Recommendation
To secure your device and to protect your data from malicious ransomware attacks and unauthorized access, we strongly recommend updating QTS and all installed applications to their latest versions to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.
 

Gandalf_The_Grey

Level 43
Verified
Trusted
Content Creator
Apr 24, 2016
3,218
How to secure your QNAP device

To secure your NAS device, QNAP advises all owners to upgrade to the latest QTS version and update all installed applications, especially Photo Station.

To install the latest QTS update, you can perform the following steps:
  1. Log on to QTS as an administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.
You can also manually update the QTS firmware by going to Support > Download Center and downloading the manual update for your specific device.

To update all the apps on your QNAP devices, please follow these steps:
  1. Log on to QTS as an administrator.
  2. Go to App Center.
  3. Select My Apps.
  4. Beside Install Updates, click All.
    A confirmation message appears.
  5. Click OK.
    QTS updates all your installed applications to their latest versions.
In addition to QNAP's suggestions, it is also suggested that you do not expose the QTS Administration page or QTS applications to the Internet.

If an attacker cannot gain access to these pages, they will not be able to exploit any known vulnerabilities to gain access to your device.
 
Top