Qnap asks NAS users to review security under pressure from ransomware wave


NAS devices from Qnap have been targeted by a wave of ransomware attacks. The NAS maker is therefore asking its users to urgently check some key settings.

Cybercriminals are targeting Qnap NAS devices with the eCh0raix ransomware. It surfaced for the first time in late April 2021 and exploited a vulnerability that was closed via an update on April 16 of that year. Installing that update is, of course, the first and most important step to guard against the ransomware. However, criminals also rely on brute-force attacks to penetrate devices and encrypt data. With that in mind, Qnap is now asking users to urgently check some key security settings.

Port forwarding

First of all, users should check via the Security Counselor on the NAS whether their device is accessible via the Internet. If it is, Qnap asks users to disable port forwarding on ports 8080 and 433 on the router. Furthermore, Qnap asks users to disable the "Enable UPnP Port forwarding" feature.

Qnap supports two-factor authentication. The manufacturer does not mention the setting by name, but it is nevertheless a good idea to enable it for accounts with write permissions on the NAS. Further, make sure passwords are long enough so that a brute force attack won’t just guess them. If you only use the device locally, you can also disable access from the Internet.