[SECURITY ADVISORY] eCh0raix Ransomware


Re: [SECURITY ADVISORY] eCh0raix Ransomware

Post by spile »

Mousetick wrote: Sat May 29, 2021 9:57 am I'm better than you and you're wrong and yadda yadda yadda.

Way to ruin a thread that's supposed to inform and help users. I feel sorry for the confused lost users who come here in search of answers. Instead they find stories about cats in microwaves, and people fighting over who's the smartest and koolest.
I get this. The approach I take is to recommend a risk assessment rather than giving simplistic “do this” advice that is well intentioned but could put the user at greater risk because it often ignores the user’s circumstances, can be at odds with other advice and may be misunderstood. A link to trusted sites and advice is the most useful advice imho. Clearly many advisors on here are weary of having to repeat the same advice but I am sure that getting similar messages from a number of different trusted advisors will result in the message sinking in.
Of course Qnap technical support could help themselves but that’s another can of worms...

Post by elvisimprsntr »

spile wrote: Sat May 29, 2021 2:04 pm

I get this. The approach I take is to recommend a risk assessment rather than giving simplistic “do this” advice that is well intentioned but could put the user at greater risk because it often ignores the user’s circumstances, can be at odds with other advice and may be misunderstood. A link to trusted sites and advice is the most useful advice imho. Clearly many advisors on here are weary of having to repeat the same advice but I am sure that getting similar messages from a number of different trusted advisors will result in the message sinking in.
Of course Qnap technical support could help themselves but that’s another can of worms...
Link to trusted sites, you ask?

https://search.us-cert.gov/search?utf8= ... query=qnap

https://www.qnap.com/en/security-advisories/

https://www.cvedetails.com/vulnerabilit ... 303223ed90

https://www.bleepingcomputer.com/search ... F-8&q=qnap

Post by Derek s »

Hi all,
Firstly, thank you for all your replies, especially those that have taken time and effort to provide some useful guidance.

I use my NAS as follows:

1. I back up all my data from my PC to it (2 WD Reds, RAID 1)
2. That data is backed up every night to IDrive (which backed up all the Qlocker 7zip files but left the original files intact)
3. I and four family members access all my multimedia photos, home video and music files from anywhere in the world via the QNAP Qphoto, Qvideo and Qmusic apps on iPads and Android phones, using individual accounts with read-only access to multimedia folders only. I also use either web access or Qmanager for remote admin.

So, not exposing my NAS to the internet would negate all the above and make the whole kit pointless.

I naively bought this kit on the basis that the manufacturer was supplying all the required default settings and supporting apps that made it safe for me to do what I required (and advertised) without requiring a fountain of internet protocol knowledge, other than plugging it into my broadband router. (Although I have added a UPS after a power fail frigged the thing, taking me considerable time to reset back to working.)

From some of the above responses it looks like I was sadly mistaken. I have a router supplied by my supplier (Plusnet) but have no idea if it's possible to set up any form of VPN on it (or how that would impact my family via the Q apps) and have less idea about port forwarding or whatever.

Again, thank you all for your input, however, the way forward for me is going to be cloud and offline backups, strong passwords, updated firmware and apps supported by blind hope.

I have also stopped putting cats in microwaves and will not be driving my car until I have a degree in motor mechanics!

Thanks to all, Derek.

Post by Cbrad01 »

dolbyman wrote: I said it many times before .. for 95% of all end users it's better to not expose the NAS at all .. no IF's, BUT's or COCONUT's brings years or decades of user-files back because people have no clue what they are doing and believe in juicy marketing promises ... so it still stands

DO NOT EXPOSE YOUR NAS TO WAN
Exposing any device that is not purpose built to be exposed to the internet is a bad idea. Lots of folks seem to ignore that simple fact.
Port forwarding is not necessarily bad if done correctly, but so many folks just click a checkbox and call it good, which is bad. I forward a port for Plex through my SonicWall which tears down the traffic (man in the middle) inspecting each packet and then sends it on if it’s “clean”.
Now I trust Plex enough to maintain secure code and not just be dumb.
Problem with QNAP is I don’t trust them so I do not allow any QNAP app to access the internet. Additionally I spend a couple of hours maintaining my firewall rules and it’s a pain.
Do not believe the marketing crap about how easy it is to make your own cloud. Unless you know what you are doing and plan on spending time on care and feeding do not expose anything to the internet and do not open any holes in your firewall.



Post by spile »

elvisimprsntr wrote: Sat May 29, 2021 5:49 pm
spile wrote: Sat May 29, 2021 2:04 pm

I get this. The approach I take is to recommend a risk assessment rather than giving simplistic “do this” advice that is well intentioned but could put the user at greater risk because it often ignores the user’s circumstances, can be at odds with other advice and may be misunderstood. A link to trusted sites and advice is the most useful advice imho. Clearly many advisors on here are weary of having to repeat the same advice but I am sure that getting similar messages from a number of different trusted advisors will result in the message sinking in.
Of course Qnap technical support could help themselves but that’s another can of worms...
Link to trusted sites, you ask?

https://search.us-cert.gov/search?utf8= ... query=qnap

https://www.qnap.com/en/security-advisories/

https://www.cvedetails.com/vulnerabilit ... 303223ed90

https://www.bleepingcomputer.com/search ... F-8&q=qnap
Yes those. I would also add
https://www.ncsc.gov.uk/news/legacy-ris ... as-devices

Independent sources especially Government ones top trump those that rehash existing news or contain lots of pop up adverts. Forums and especially YouTube are not as high up the list for me but the former win in terms of rapid news. A combination of trusted sources nail it for me.

As for steps to take, most of the above point to the manufacturer's site, which for some on here may not be the ideal. There are a few independent “keep your NAS safe” sites (not YouTube) that are up to date and not littered with adverts but I can’t say I would particularly recommend a single one, so back to...
https://www.qnap.com/en/how-to/faq/arti ... s-security

Post by AlastairStevenson »

"Port forwarding is not necessarily bad if done correctly,"

There is no 'correct' way to do port forwarding.
Whatever you do, such as changing the ports away from defaults - you are allowing the entire internet in to the device.
That's asking for bad consequences.

"my SonicWall which tears down the traffic (man in the middle) inspecting each packet and then sends it on if it’s “clean”."

How would it spot the use of valid, hard-coded credentials, which was the most recent HBS3 attack vector?
Or the various remote command execution vulnerabilities recently being exploited?
It wouldn't, they'd be seen as benign.