https://www.qnap.com/en-us/security-advisory/qsa-21-15
AgeLocker Ransomware
- Release date: April 29, 2021
- Security ID: QSA-21-15
- Severity: High
- Affected products: QNAP NAS running QTS 4.3.x
- Status: Investigating
The QNAP security team has detected ransomware in the wild known as AgeLocker.
Our initial investigation has found that devices infected by the ransomware typically exhibit the following characteristics and symptoms:
- The affected devices run QTS 4.3.x.
- The file name of the ransom note is HOW_TO_RESTORE_FILES.txt.
- Encrypted files are hidden and their file names start with a period (.).
- The extension of the encrypted files is a random meaningless string (for example, “.udUS”, “WD51”).
- The ransomware empties system event logs and system connection logs in System Logs.
To secure your device, we strongly recommend regularly updating QTS and all installed applications to their latest versions to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.
To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.
Updating QTS
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Updating All Installed Applications
- Log on to QTS as administrator.
- Go to App Center.
- Select My Apps.
- Beside Install Updates, click All.
A confirmation message appears. - Click OK.
QTS updates all your installed applications to their latest versions.
V1.1 (May 11, 2021) - Initial investigation results added
V1.0 (April 29, 2021) - Published
Prior to this, AgeLocker was a known QNAP ransomware from last year: https://www.qnap.com/en-us/security-advisory/qsa-20-06