QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device’s data and, in some cases, steals files from the victim.
AgeLocker is ransomware that utilizes an encryption algorithm called Age (Actually Good Encryption) designed to replace GPG for encrypting files, backups, and streams.
In July 2020, we reported on a new ransomware called AgeLocker that was utilizing this algorithm to encrypt victims’ files.
When encrypting files, it would prepend a text header to the encrypted data that starts with the URL ‘age-encryption.org,’ as shown below.
Since the end of August 2020, AgeLocker, or another ransomware utilizing the same encryption, has been targeting publicly exposed QNAP NAS devices and encrypting their files.
After a victim in the BleepingComputer forums uploaded an encrypted file to ID Ransomware, Michael Gillespie was able to determine that it was encrypted with Age.
Gillespie also confirmed that AgeLocker had picked up in activity towards the end of August as they continued to target QNAP devices worldwide.
When the ransomware encrypts files, it will leave behind a ransom note named HOW_TO_RESTORE_FILES.txt that tells the victim that their QNAP device was specifically targeted in the attack.
“Unfortunately a malware has infected your QNAP and a large number of your files has been encrypted using a hybrid encryption scheme.”
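The two indicators described above, the 'age-encryption.org' text at the start of encrypted files and the HOW_TO_RESTORE_FILES.txt note, can be checked for on a share with a short script. This is an added example, not from the original article or from QNAP; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

AGE_MAGIC = b"age-encryption.org"          # header text the article describes
RANSOM_NOTE = "HOW_TO_RESTORE_FILES.txt"   # note name given in the article


def has_age_header(path):
    """True if the file starts with the age header text."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(AGE_MAGIC)) == AGE_MAGIC
    except OSError:
        return False  # unreadable or missing file: skip rather than abort the scan


def scan(root):
    """Walk root; return (sorted age-encrypted paths, sorted ransom-note paths)."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                notes.append(full)
            elif not os.path.islink(full) and has_age_header(full):
                encrypted.append(full)
    return sorted(encrypted), sorted(notes)


def build_sample_share(root):
    """Constructed sample data: two 'encrypted' files, one clean file, one note."""
    os.makedirs(os.path.join(root, "photos"))
    samples = {
        "photos/a.jpg": b"age-encryption.org/v1\nconstructed body",
        "backup.tar": b"age-encryption.org/v1\nconstructed body",
        "readme.txt": b"See age-encryption.org for details",  # URL not at offset 0
        RANSOM_NOTE: b"constructed note text",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        enc, notes = scan(share)
        print(f"{len(enc)} age-encrypted file(s), {len(notes)} ransom note(s)")
        for p in enc + notes:
            print(" ", p)
```

Files a user encrypted deliberately with age carry the same header, so treat header hits as triage input and weigh them together with the presence of the ransom note.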
In one submission to ID-R, Michael Gillespie reports that the attackers state they first stole unencrypted files that contain “medical data, scans, backups, etc.”
It is unknown how much they are demanding as a ransom or how the attackers are gaining access to the QNAP devices.
Unfortunately, there is no way to recover files encrypted by AgeLocker for free.
QNAP has previously been targeted by the eCh0raix Ransomware, which exploited vulnerabilities in the device to encrypt data.
At the time, QNAP provided the following steps to make sure you are running the latest firmware and vulnerabilities have been patched:
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.
QNAP also suggests users update the Photo Station software with the following steps:
Finally, all QNAP owners should go through the following checklist to further secure their NAS and check for malware:
• Change all passwords for all accounts on the device
• Remove unknown user accounts from the device
• Make sure the device firmware is up-to-date, and all of the applications are also updated
• Remove unknown or unused applications from the device
• Install QNAP MalwareRemover application via the App Center functionality
• Set an access control list for the device (Control panel -> Security -> Security level)