- Release date: May 14, 2021
- Security ID: QSA-21-18
- Affected products: QNAP NAS devices
- Status: Investigating
The eCh0raix ransomware has been reported to affect QNAP NAS devices. Devices using weak passwords may be susceptible to attack.
We strongly recommend users act immediately to protect their data.
If you have any questions regarding this issue, please contact us through the QNAP Helpdesk.
Recommendation
To avoid infection, we recommend the following actions:
- Use stronger passwords for your administrator accounts.
- Enable IP Access Protection to protect accounts from brute force attacks.
- Avoid using default port numbers 443 and 8080.
- Log on to QTS or QuTS hero as administrator.
- Click the profile picture on the Task Bar.
The Options window opens.
- Click Password Settings.
- Specify the old password.
- Specify the new password.
QNAP recommends the following criteria to improve password strength:
- At least 8 characters in length
- Include both uppercase and lowercase characters
- Include at least one number and one special character
- Must not be the same as the username or the username reversed
- Must not include characters that are consecutively repeated three or more times
- Verify the new password.
- Click Apply.
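The password criteria listed above can be checked before a new password is set. The following is an added example, not QNAP code: the function name `check_password` is hypothetical, and it assumes a "special character" is any character that is not a letter or digit and that the username comparison ignores case.

```python
import re


def check_password(username: str, password: str) -> list[str]:
    """Return the advisory criteria that `password` fails (empty list = passes)."""
    failures = []

    if len(password) < 8:
        failures.append("at least 8 characters")

    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    if not (has_upper and has_lower):
        failures.append("both uppercase and lowercase characters")

    has_digit = any(c.isdigit() for c in password)
    # Assumption: "special character" means anything that is not a letter or digit.
    has_special = any(not c.isalnum() for c in password)
    if not (has_digit and has_special):
        failures.append("at least one number and one special character")

    # Assumption: compare case-insensitively so "Admin" is rejected for user "admin".
    folded, user = password.casefold(), username.casefold()
    if folded in (user, user[::-1]):
        failures.append("not the username or the username reversed")

    # The same character three or more times in a row, e.g. "sss".
    if re.search(r"(.)\1\1", password):
        failures.append("no character repeated three or more times in a row")

    return failures


if __name__ == "__main__":
    # Constructed sample accounts and passwords, not taken from the advisory.
    samples = [
        ("admin", "admin"),
        ("backup", "pukcab"),
        ("admin", "Passsword1!"),
        ("admin", "Tr4il-Mix&Oats"),
    ]
    for user, pw in samples:
        problems = check_password(user, pw)
        print(f"{user!r} / {pw!r}: {'OK' if not problems else '; '.join(problems)}")
```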
- Log on to QTS or QuTS hero as administrator.
- Go to Control Panel > System > Security > IP Access Protection.
- Configure SSH protection.
- Select SSH.
- Specify a time period, the number of failed login attempts, and the duration for blocking an IP address that has reached the number of failed login attempts within the time period.
- Configure HTTP(S) protection.
- Select HTTP(S).
- Specify a time period, the number of failed login attempts, and the duration for blocking an IP address that has reached the number of failed login attempts within the time period.
- Click Apply.
- Log on to QTS or QuTS hero as administrator.
- Go to Control Panel > System > General Settings > System Administration.
- Specify a new system port number.
Warning: Do not use 443 or 8080.
- Click Apply.