[SECUIRTY ADVISORY] for eCh0raix Ransomware

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
User avatar
Toxic17
Experience counts
Posts: 4973
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

[SECUIRTY ADVISORY] for eCh0raix Ransomware

Post by Toxic17 » Tue Aug 13, 2019 7:37 pm

Release date: August 12, 2019
Security ID: NAS-201907-11
Severity: High
CVE identifier: N/A
Affected products: QNAP NAS devices

Summary
The eCh0raix ransomware is reportedly being used to target QNAP NAS devices. Devices using weak passwords and outdated QTS firmware may get infected.

We strongly recommend that users act immediately to protect their data from possible malware attacks.

If you have any questions regarding this issue, please contact us through the QNAP Helpdesk.

Recommendation
To avoid infection, you must:
  1. Update QTS to the latest version.
  2. Install and update Security Counselor to the latest version.
  3. Use a stronger admin password.
  4. Enable Network Access Protection to protect accounts from brute force attacks.
  5. Disable SSH and Telnet services if you are not using them.
  6. Avoid using default port numbers 443 and 8080.
Installing the QTS Update
  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.

Installing/Updating and running the latest version of Security Counselor
  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the Search icon.
    A search box appears.
  3. Type “Security Counselor”, and then press ENTER.
    The Security Counselor application appears in the search results list.
  4. Click Install or Update.
    A confirmation message appears.
  5. Click OK.
    The application is installed or updated to the latest version.
  6. Open Security Counselor.
  7. Click Start Scan.

Security Counselor scans the NAS for rules.

Changing the Device Password
  1. Log on to QTS as administrator.
  2. Click the profile picture on the QTS Task Bar.
  3. The Options window opens.
  4. Click Change Password.
  5. Specify the old password.
  6. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  7. Verify the new password.
  8. Click Apply.

Enabling Network Access Protection
  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Security > Network Access Protection.
  3. Configure SSH protection.
    • Select SSH.
    • Specify a time period and the number of failed login attempts.
  4. Configure HTTP(S) protection.
    • Select HTTP(S).
    • Specify a time period and the number of failed login attempts.
  5. Click Apply.
Disabling SSH and Telnet Connections
  1. Log on to QTS as administrator.
  2. Go to Control Panel > Network & File Services > Telnet/SSH.
  3. Deselect Allow Telnet connection.
  4. Deselect Allow SSH connection.
  5. Click Apply.
Changing the System Port Number
  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > General Settings > System Administration.
  3. Specify a new system port number.
    Warning: Do not use 443 or 8080.
  4. Click Apply.
Acknowledgements: Anomali Labs and Intezer

Revision History: V2.0 (August 12, 2019) - Published
V1.0 (July 11, 2019) - Published

Source: https://www.qnap.com/en-uk/security-adv ... -201907-11

https://www.qnap.com/solution/security-counselor/en/

User avatar
skypx
Know my way around
Posts: 249
Joined: Sat Aug 15, 2009 4:44 pm

Re: [SECUIRTY ADVISORY] for eCh0raix Ransomware

Post by skypx » Tue Aug 13, 2019 9:21 pm

Thanks for the heads up. 👍
TVS-871 i7 16GB Ram
Firmware 4.3.6.0805 Build 20181228
8x HGST HUH721212ALN600 LEGNT3D0 RAID 5
QNAP Network LAN-10G2T-X550T2
Netgear XS708Ev2

User avatar
Toxic17
Experience counts
Posts: 4973
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [SECUIRTY ADVISORY] for eCh0raix Ransomware

Post by Toxic17 » Wed Aug 14, 2019 1:11 am

To Signup to a Security Advisory newsletter please go here: https://www.qnap.com/i/_event/epaper/?lang_set=safe
Regards Simon

QNAP 4.3.x/4.2.x Manuals

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.3.6.1040 • TVS-463-16GB 4.3.6.1040 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.0998 • APC Back-UPS ES 700G •
QPKG's: TwonkyServer 8.51 • Apache73 • QSonarr 3.0.1.503 • QNBZGet 21.0 • phpMyAdmin 4.9.0.1 • Qmono 5.20.1.19 • McAfee 2.2.0 • Lychee 3.2.15 • HBS 3.0.190802 • LEgo v3.0.0
Network: VM Hub 3.0 <500/35> • UniFi USG Pro 4 • UniFi USW-16-150W • UniFi USW-8-60W • UniFi CloudKey Gen2+• UniFi G3-Flex • UAP AC Pro • UAP AC Lite • SLM2008 • Dell 7050 MFF •

Post Reply

Return to “Users' Corner”