AgeLocker Ransomware Is Actively Targeting NAS Owners, QNAP Warns

QNAP is warning customers of a ransomware campaign that targets Network Attached Storage (NAS) users with older versions of QTS, a Linux-based operating system deployed by the company with its products.

AgeLocker is ransomware that directly targets QNAP customers by infecting their NAS hardware. Following an investigation, the company determined that the latest version of QTS has no known vulnerabilities that would let attackers deploy the malware with ease.

The most likely scenario is that some people continue to use older, unpatched QTS versions, giving threat actors a way in. Because the company is still trying to determine the exact route the infection takes, it can only recommend users upgrade their systems as soon as possible and follow best practices.

“Since unpatched devices are prone to information security threats, QNAP urges all users to update their device OS and apps to the latest version available,” said QNAP in a blog post. “Users should also follow good information security practices such as using strong passwords and installing the Malware Remover app on their NAS. These will make the device harder to be breached, thus enhancing data security.”

User reports indicate AgeLocker only targets QNAP NAS, Linux and macOS devices. The developers found evidence that many earlier versions of Photo Station are also susceptible to attack.

Two months ago, another malware, named QSnatch, affected QNAP systems, allowing attackers to steal credentials via a CGI password logger, scrape credentials, and provide attackers with a SSH backdoor and more. The company has a similar problem as then, when they couldn’t determine the infection vector.

QNAP asked customers to keep Malware Remover at the latest version, upgrade the operating system, and change all credentials.