Network device manufacturer QNAP has identified the cause of the attacks by the encryption trojan Qlocker and is publishing security updates. This comes rather late: by now, much suggests that the masterminds have ended their malware campaign.
Since April 2021, Qlocker has been targeting network-attached storage (NAS) devices from QNAP. Since then, the NAS manufacturer has been working on a solution. The malware infected systems, locked data in password-protected 7zip archives and demanded a ransom.
QNAP has now updated an advisory from April and states that a vulnerability rated "critical" (CVE-2021-28799) in Hybrid Backup Sync (HBS) is the cause of the attacks. It is an account with hard-coded credentials, through which the attackers gained access to systems via the Internet.
According to an advisory, the following HBS versions are protected against such attacks:
- from QTS 4.5.2: HBS 3 V16.0.0415
- from QTS 4.3.6: HBS 3 V3.0.210412
- from QTS 4.3.3 and 4.3.4: HBS 3 V3.0.210411
- from QuTS hero h4.5.1: HBS 3 V16.0.0419
- from QuTScloud c4.5.1 ~ c4.5.4: HBS 3 V16.0.0419
HBS 1 and 1.3 are said not to be affected by the vulnerability.
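As an added example (not QNAP's code and not part of the original article), the following Python script applies the version list above to a device inventory and flags NAS systems whose HBS 3 build is older than the fixed one. The inventory, its host names and field layout are constructed, and the script assumes that "from X" covers the OS branch starting at X up to the next listed branch.

```python
import re

# Fixed HBS 3 builds from the list above:
# (OS family, first OS version of the branch, minimum fixed HBS 3 version)
FIXED = [
    ("QTS", (4, 5, 2), (16, 0, 415)),
    ("QTS", (4, 3, 6), (3, 0, 210412)),
    ("QTS", (4, 3, 3), (3, 0, 210411)),
    ("QuTS hero", (4, 5, 1), (16, 0, 419)),
    ("QuTScloud", (4, 5, 1), (16, 0, 419)),
]
UNAFFECTED = {"HBS 1", "HBS 1.3"}  # stated as not affected in the article

def parse(version):
    """'V16.0.0415', 'h4.5.1' or '4.3.6' -> tuple of ints for comparison."""
    nums = re.findall(r"\d+", version)
    if not nums:
        raise ValueError(f"no version number in {version!r}")
    return tuple(int(n) for n in nums)

def hbs_status(os_family, os_version, hbs_product, hbs_version):
    """Return 'patched', 'vulnerable', 'not-affected' or 'unknown'."""
    if hbs_product in UNAFFECTED:
        return "not-affected"
    if hbs_product != "HBS 3":
        return "unknown"
    os_v = parse(os_version)
    # Assumption: the newest listed branch that is <= the installed OS applies.
    branches = [(base, fixed) for fam, base, fixed in FIXED
                if fam == os_family and os_v >= base]
    if not branches:
        return "unknown"  # OS branch is not covered by the list
    _, fixed = max(branches)
    return "patched" if parse(hbs_version) >= fixed else "vulnerable"

INVENTORY = [  # constructed sample data, not real devices
    ("nas-01", "QTS", "4.5.2", "HBS 3", "V16.0.0415"),
    ("nas-02", "QTS", "4.3.6", "HBS 3", "V3.0.210411"),
    ("nas-03", "QuTS hero", "h4.5.1", "HBS 3", "V16.0.0415"),
    ("nas-04", "QTS", "4.3.4", "HBS 1.3", "V1.3.0"),
    ("nas-05", "QTS", "4.2.6", "HBS 3", "V3.0.210411"),
]

def audit(inventory):
    """Map each host name to its HBS status."""
    return {host: hbs_status(*rest) for host, *rest in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" run an OS branch or HBS product that the list does not cover and need a manual check against the advisory.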
Qlocker strikes its sails
The security patches come rather late: after extorting hundreds of users, the criminals are said to have taken in 350,000 US dollars in ransom within one month.
Victims now report that the payment websites are no longer reachable. Everything indicates that the operators have ended the Qlocker campaign. As a result, even those willing to pay could no longer pay the ransom.
In general, you should not make network storage reachable from the Internet. Doing so increases the attack surface many times over. If there is no other way, users should protect access with, for example, strong passwords and a firewall. In addition, NAS owners should look out for suspicious accounts and keep the system up to date. QNAP has compiled further security tips in a post.
In addition, QNAP is publishing security updates for the NAS operating systems QTS and QuTS hero that close a vulnerability (CVE-2021-28798, "high"). According to an advisory, an attacker could manipulate files after a successful attack.