[SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
GravStorm
New here
Posts: 3
Joined: Mon Jan 10, 2022 10:10 am

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by GravStorm »

derekzeanah wrote: Sun Jan 09, 2022 1:06 am Is there something else to check to confirm it's just bad timing here?
Wondering the same. I support IT for small businesses and manage 8 QNAP NAS units at various locations. Yesterday (Jan 8th), 4 of them went offline. Trying to connect via a browser issued a redirect and would timeout. Rebooting brought them all back online. I have gone thru and updated all firmware and apps and have run the Security Counselor. One of the 4 was connected to myQNAPCloud, the rest were not. None were directly exposed thru open ports or have UPnP enabled. I have now disconnected that 1 unit from myQNAPCloud and will only manage these from behind their firewalls. Not sure what else I can do.

To say I'm spooked is an understatement. QNAP did not reply to my service request. Anyone else have an idea of what's going on?
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by Moogle Stiltzkin »

when i'm in doubt i'll check the status of my hdds, wipe them, reflash qts firmware, and make sure nas is not exposed to the internet. and during all this i have a backup ready just in case whatever happens.

managing qnaps at various locations... how r u doing that? are u using a vpn? :'
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
GravStorm
New here
Posts: 3
Joined: Mon Jan 10, 2022 10:10 am

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by GravStorm »

Either VPN into the router or remote into a workstation behind the firewall and then connect via HTTP from inside the network. NAS isn’t exposed and no open ports on the router. Looks like a ton of reports of QNAPs all over going offline since Friday. Hope the cause is found soon.
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by Moogle Stiltzkin »

well if ur using vpn on routerside, and u update your router n other devices regularly, then not sure y its like that :/

the only recent news i heard was qvpn had some vulnerability (u probly want to uninstall that). probly disable that and just use ur vpn on router only.

myqnapcloud if u dont need it, disable it. helpdesk also disable it when not actively using when requiring assistance from qnap for remote assistance.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by P3R »

GravStorm wrote: Mon Jan 10, 2022 10:23 am To say I'm spooked is an understatement. QNAP did not reply to my service request. Anyone else have an idea of what's going on?
No but there is nothing that suggest this is a security/intrution issue. It sound much more like a bug when multiple non-exposed systems go unresponsive at night.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
GravStorm
New here
Posts: 3
Joined: Mon Jan 10, 2022 10:10 am

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by GravStorm »

That's good news, hopefully QNAP issues a formal cause soon. With the security alert they sent out the day before and the recent ransomware attacks, I guess I'm on edge.
User avatar
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by Toxic17 »

I'm loving this new page too:

https://www.qnap.com/en-uk/support/con_ ... cation_bar

only visited qnap.com to check something.
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
User avatar
Cbrad01
Know my way around
Posts: 245
Joined: Fri Jan 15, 2016 9:17 pm

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by Cbrad01 »

Moogle Stiltzkin wrote:when i'm in doubt i'll check the status of my hdds, wipe them, reflash qts firmware, and make sure nas is not exposed to the internet. and during all this i have a backup ready just in case whatever happens.

managing qnaps at various locations... how r u doing that? are u using a vpn? :'
I have switched to using TeamViewer to remote connect to my NASs. No port forwarding, direct access to the website, and all seems to be working fine.


Sent from my iPhone using Tapatalk
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by jaysona »

Toxic17 wrote: Mon Jan 10, 2022 11:51 pm I'm loving this new page too:

https://www.qnap.com/en-uk/support/con_ ... cation_bar

only visited qnap.com to check something.
Wow! QNAP is really giving The Three Stooges comedy routine a run for their money these days. :lol:

It seems like quality control and release control are not even part of the QNAP programming lexicon anymore. :roll:
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
AlastairStevenson
Experience counts
Posts: 2415
Joined: Wed Jan 08, 2014 10:34 pm

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by AlastairStevenson »

I'm loving this new page too:

https://www.qnap.com/en-uk/support/con_ ... cation_bar

only visited qnap.com to check something.
No date, no version or build info.
That's not the way to issue such an announcement!
TS-431+ for storage and media and a bunch of IP cams under Surveillance Station. TVS-473 as files backup and QVR Pro.
Osborne
First post
Posts: 1
Joined: Sun Jan 09, 2022 11:55 pm

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by Osborne »

SOLVED AFTER NAS REBOOT

Hello ,
I'm new here.

My NAS files were encrypted by the ransomware..( "fortunately" this ransomware is unable to encrypt .mkv, wav, flac and DSD files)

My concern is that Malware Remover has been deactivated/uninstalled by the ransomware.

When I click on the "Malware remover" icon , i get a "The requested URL was not found on this server."

How to force Malware remover uninstall then do a fresh install ?

I'm a bit surprise that there is no forum dedicated to the security ? maybe I missed it ? please let me know

Thanks !
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by P3R »

AlastairStevenson wrote: Tue Jan 11, 2022 12:48 am No date, no version or build info.
That's not the way to issue such an announcement!
I agree of course but unfortunately that is the least of the problems with Qnap right now... :roll:
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
User avatar
dolbyman
Guru
Posts: 35021
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by dolbyman »

Osborne wrote: Tue Jan 11, 2022 1:22 am My NAS files were encrypted by the ransomware..( "fortunately" this ransomware is unable to encrypt .mkv, wav, flac and DSD files)
It's not a limitation of the malware, but why spend valuable encryption time on pirated movies or re-downloadable audio? .. it was deliberately programmed to skip these files
User avatar
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by Toxic17 »

dolbyman wrote:
Osborne wrote: Tue Jan 11, 2022 1:22 am My NAS files were encrypted by the ransomware..( "fortunately" this ransomware is unable to encrypt .mkv, wav, flac and DSD files)
It's not a limitation of the malware, but why spend valuable encryption time on pirated movies or re-downloadable audio? .. it was deliberately programmed to skip these files
Maybe Qnap will next recommend we rename all our files to .mkv wav and flac, that way they will be safe from ransomware :lol:


Sent from my iPhone using Tapatalk
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
User avatar
dolbyman
Guru
Posts: 35021
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [SECURITY NEWS] Take Immediate Actions to Secure QNAP NAS

Post by dolbyman »

This little known trick makes your files safe .. click here to know more
Locked

Return to “Users' Corner”