Anyone using QNAP’s network storage should perform the latest update.
QNAP issued an update warning
The reason for this is an “AgeLocker Ransomware”. According to reports, the malware targets NAS, Linux and MacOS devices. The software encrypts the victims’ data with an encryption program. The encryption tool used is called “Age”.
QNAP may have problems with earlier versions of Photo Station. This case is currently being thoroughly investigated by the QNAP Product Security Incident Response Team (PSIRT). Further results will be published as soon as they are available.
In order to secure all devices and data, QNAP strongly recommends that all applications be upgraded to the latest version. This prevents unauthorized persons from accessing the data and devices. With the update, the user benefits from the fixes to the vulnerabilities.
Not the first attack
Already last year there were warnings from CISA and NCSC, this was observed by the Qsnatch malware family. Potentially vulnerable to the malware were all devices that did not have the latest security fixes.
This year in July 2020 there were reports that tens of thousands of NAS drives of users were infected with the malware Qsnatch.
This was followed by updates from the manufacturer QNAP, so that users can protect themselves from the malware.
Update to latest version
To perform the update, simply check the product support status to see the latest updates for the NAS model in use.
The QTS update is performed after logging in as an administrator via Control Panel > System > Firmware Update. Clicking Live Update will check for updates and download and install the latest one.
The update can also be downloaded from the QNAP website. Simply go to the Support section and then to Download Center. This allows a manual update to be performed for the respective device.
To update all applications, the user logs on to QTS as an administrator and can use the App Center > My Apps > Install Updates, select all and all applications will be updated to the latest version.