Not all are good. Disabling SSH means that the user has no options left when the web admin interface becomes unreachable for some reason. Disabling the admin account means that some features can't be used.
[RANSOMWARE] Qlocker
-
- Guru
- Posts: 13183
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
You're right, that's true for you, and many others. But it's like the auto-update debate, you're an expert user: you don't need or want this kind of advice. It's not for you. You're not obligated to follow it. It's for the majority of users who don't know what to do with SSH when it's available, and it's dangerous to allow root login via SSH, not only for security reasons, especially if you don't know what you're doing.
I went back and edited my post:
"- It gives a lot of good advice to novice and non-technical users for securing QNAP NASes (except the bit about changing port numbers, that's bollocks)."
- OneCD
- Guru
- Posts: 12010
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
-
- New here
- Posts: 5
- Joined: Fri Mar 11, 2016 5:23 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Got attacked by this last week. Both of my QNAP NASes. Fortunately, most of it was video files that were not encrypted. All my music and photos and work documents were encrypted though, so that's all gone. Lost all faith in QNAP. Didn't know they would be vulnerable to ransomware.
I've updated everything and deleted all the 7zip files.
Can someone please show or direct me step by step how to isolate my two NASes (251 and 451) from the internet? I only need it on my local network to stream videos, and it is currently plugged through my router.
Also I have run Malware Remover on both my NAS. Is there anything else I need to do to ensure that it is no longer infected?
Thanks!
-
- Guru
- Posts: 13183
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Of course I'm not thinking about me. I'm thinking of it as advice for the inexperienced users.
Systems can freeze up also for newbies (it even happens more often for the inexperienced) and sometimes advice to them offered here when they're in trouble will be to install PuTTY and enter this or that command.
"It's for the majority of users who don't know what to do with SSH when it's available..."
I'd say that the main reason Qnap started to give the advice to shut down SSH was because of the stupidity they were doing, using UPnP to automatically expose services on the internet as well. SSH on the internet is crazy but the solution isn't to shut down the service completely.
Trust me, the inexperienced users won't touch SSH until they absolutely need to. A very large majority don't even know how to access it and they're uncomfortable when at a prompt.
"and it's dangerous to allow root login via SSH, not only for security reasons, especially if you don't know what you're doing."
SSH is only a possible risk for the tinkerer that knows a little but not enough to understand the dangers. They may shoot themselves in the foot but they will simply enable SSH and try it anyway so they won't be protected by this advice either.
If the bad guys have compromised the network and have a foothold on the inside, having SSH disabled won't protect the Qnap.
So no. SSH isn't inherently dangerous on a local network and shutting down the SSH service isn't good security advice for anyone. It's only a possible limitation in the ability to manage the system in the future. It was advice rushed out in panic by Qnap when they have forwarded SSH out on the internet and now apparently nobody dares to question it.
Last edited by P3R on Mon May 03, 2021 7:32 pm, edited 3 times in total.
-
- Getting the hang of things
- Posts: 53
- Joined: Fri Jun 30, 2017 3:24 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Mousetick wrote: Saved for posterity:
Interesting. When they say "targeting QNAP NAS directly connected to the Internet with unpatched old versions of HBS", don't they really mean "targeting QNAP NAS directly connected to the internet, as we've never suggested not to or warned you about, running the last published and auto-updated version of HBS"???
Asking for a friend...
-
- Guru
- Posts: 13183
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
If more disks than your RAID can manage had failed, if the NAS had been fried by a thunderstorm or if it had been stolen you would have lost all your files. The way to protect your data from all these and other threats (including ransomware) is to do external backup copies of the data.
"Can someone please show or direct me step by step how to isolate my two NASes (251 and 451) from the internet? I only need it on my local network to stream videos, and it is currently plugged through my router."
- Stop using the DMZ feature in the router/firewall for the Qnap if you've been doing that.
- Remove any manual port forwarding in the router/firewall that points at the Qnap if you have done that.
- Go to the myQNAPcloud app in the web administration, click Auto Router Configuration and then disable UPnP port forwarding.
- If possible, disable UPnP port forwarding in your router/firewall as well.
- Reboot the router/firewall.
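A way to verify the UPnP part of the steps listed above, as an added example that is not part of the original post: it parses the port-mapping list printed by miniupnpc's `upnpc -l` and reports any mapping that still points at a NAS. The NAS addresses and the sample listing are constructed; running it for real assumes `upnpc` is installed on a PC on the same LAN.

```python
import re
import shutil
import subprocess

# One mapping line of `upnpc -l` output looks like:
#  0 TCP  8080->192.168.1.50:8080  'description' '' 0
MAPPING = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(listing):
    """Return every port mapping found in `upnpc -l` output as a dict."""
    found = []
    for line in listing.splitlines():
        m = MAPPING.match(line)
        if m:  # banner and header lines do not match and are skipped
            found.append({"proto": m["proto"],
                          "external_port": int(m["ext"]),
                          "internal_ip": m["ip"],
                          "internal_port": int(m["int"]),
                          "description": m["desc"]})
    return found

def nas_exposures(listing, nas_ips):
    """Mappings that still forward Internet traffic to one of the NAS addresses."""
    wanted = set(nas_ips)
    return [m for m in parse_mappings(listing) if m["internal_ip"] in wanted]

# Constructed sample listing (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8080->192.168.1.50:8080  'NAS Web Admin' '' 0
 1 TCP    22->192.168.1.51:22    'NAS SSH' '' 0
 2 UDP 51413->192.168.1.20:51413 'Desktop app' '' 0
"""

if __name__ == "__main__":
    nas_ips = ["192.168.1.50", "192.168.1.51"]  # assumed LAN addresses of the two NASes
    listing = SAMPLE
    if shutil.which("upnpc"):  # use the live router listing when the client is available
        listing = subprocess.run(["upnpc", "-l"], capture_output=True, text=True).stdout
    hits = nas_exposures(listing, nas_ips)
    for m in hits:
        print(f"STILL FORWARDED: {m['proto']} {m['external_port']} -> "
              f"{m['internal_ip']}:{m['internal_port']} ({m['description']})")
    if not hits:
        print("No UPnP mappings point at the NAS addresses.")
```

This only covers mappings created through UPnP; manual port forwards and the DMZ setting do not appear in this list and still have to be checked in the router's own administration pages.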
-
- New here
- Posts: 5
- Joined: Mon Apr 26, 2021 3:13 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
I have a QNAP device with 2 hard drives. I use one of the disks for system and the other for backup. Is there an application that can encrypt the backup disk and back up only with a password?
- Ericnepean
- Know my way around
- Posts: 132
- Joined: Mon Jul 02, 2012 4:35 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
What I do for back up is this:
I have a drive dock attached to the QNAP and three 3.5" hard drives, A,B,C.
About once every week or two (more often if there is new content), I copy all my user files to the next hard drive in the sequence - A-B-C-A-B-C-A....
Immediately after backup, I put the backup drive in the closet. In tornado season, one of the drives is kept at a friend's house.
No encryption needed (I did try encrypting the drives, but lost some data because I couldn't remember the password correctly)
No special SW needed.
Eric in Ottawa, Canada
TS-251A with 2x 6TB Seagate IronWolf in RAID 1
TR-004 with 4x 4TB HGST in RAID 5
DS923+ with 4x10GB WD Red in RAID 5
- Razorblade
- Starting out
- Posts: 11
- Joined: Thu Apr 22, 2021 7:14 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Totally agree. They know no sense of shame.
Barboots wrote: ↑Mon May 03, 2021 4:00 pm
Interesting. When they say "targeting QNAP NAS directly connected to the Internet with unpatched old versions of HBS", don't they really mean "targeting QNAP NAS directly connected to the internet, as we've never suggested not to or warned you about, running the last published and auto-updated version of HBS"???
-
- Guru
- Posts: 13183
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Internal backups are unfortunately very ineffective, regardless if encrypted or not. Take for example a ransomware, it will easily encrypt both the original data and backup. They also offer no protection against anything that will take out the NAS like fire, flooding or theft. Also why encrypt the backup when a thief won't remove and steal only your backup disk? He will steal the whole NAS with both your main data and the backup.
It's better to remove the backup disk and use it in a USB-connected drive dock/enclosure. If not constantly powered on, it's at least a slightly better protection than what you have now. Also it will be a nice single partition and not the multi-partition format of internal disks. Make sure that you can restore data from your backup disk when used separately, without the NAS. If not, your internal backup disk will be useless when the NAS fails.
The next step up will be to have at least two backup disks used in a rotating scheme like Ericnepean describes, with at least one backup disk always stored off-site to protect against on-site disasters.
-
- New here
- Posts: 5
- Joined: Mon Apr 26, 2021 3:13 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Without a password, data cannot be saved on the backup disk. Write protected hard drive
The ransomware will not be able to encrypt the data on the backup disk, as it will not be able to enter the password.
I meant that.
-
- Guru
- Posts: 13183
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Okay, the volume encryption available in Qnap works the way you want it if you manually unlock it before and lock it after every backup.
Yes, if you do volume encryption as suggested above instead of file encryption in the backup software, but what you forget is that a ransomware can still easily destroy the backup, it doesn't have to encrypt it. When the ransomware is inside the system, as it is with Qlocker, it can do anything and all bets are off. That is one of several reasons why an internal backup is a bad idea. External backups offer much better protection and the more external the backups are, the better.
"The ransomware will not be able to encrypt the data on the backup disk, as it will not be able to enter the password."
-
- Starting out
- Posts: 18
- Joined: Thu Jun 23, 2011 5:34 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
UPDATE 06.05.2021: Possibility tested -> failed
Possible Solution <- needs check ->
Can somebody who has paid for the service on this wallet please reach out to me: 3EPBKN3bcax81U3MdKYUhMC1fzFEFGPC6E?
I might have a solution to this problem, but I need to double check it first.
Best would be: You paid the hackers - and you have extracted all your files already - so you are "already" off the hook.
So I can start to mess around with your TXID/ClientID.
If this works - we'll be able to steal passwords
Last edited by icetealight on Thu May 06, 2021 2:51 pm, edited 1 time in total.
-
- Starting out
- Posts: 18
- Joined: Thu Jun 23, 2011 5:34 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
UPDATE 06.05.2021: Possibility tested -> failed
UPDATE
If you are obliged to make a payment on Wallet
3DhE1iZ5Ui6HALVKuuYXW52ArZPVJjUgJA
We can try to get your password - let me know
Last edited by icetealight on Thu May 06, 2021 2:52 pm, edited 1 time in total.