A security alert from QNAP urges customers to take precautions against a wave of ransomware attacks targeting its popular Network Attached Storage (NAS) devices.
In recent weeks, QNAP NAS owners have been a hot target for eCh0raix ransomware, also called QNAPCrypt, leaving many without their precious pictures and documents.
While some blame vulnerabilities in QNAP’s product, many admit they simply failed to secure the device properly, making it the most likely attack vector.
The Taiwan-based hardware vendor now urges customers to configure their NAS units properly to make sure bad actors can’t steal or encrypt their files for extortion.
“Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the Internet without any protection,” the company said. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices.”
First order of business, QNAP says, is to check whether the NAS is exposed to the internet. If it is – or if the user indeed wishes it to be, for their own remote-access convenience – users must take additional steps to ensure NAS security, such as to disable router port forwarding and UPnP.
QNAP NAS owners are strongly advised to go through the entire security checklist here.
Users are also encouraged to securely access their QNAP NAS via the Internet through myQNAPcloud Link, or to use a VPN to enable secure remote access to the NAS.