AgeLocker Ransomware Targets QNAP NAS Devices, Steals Data


QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device’s data and, in some cases, steals files from the victim.

AgeLocker is ransomware that utilizes an encryption algorithm called Age (Actually Good Encryption) designed to replace GPG for encrypting files, backups, and streams.

In July 2020, we reported about a new ransomware called AgeLocker that was utilizing this algorithm to encrypt victims’ files.

When encrypting files, it would prepend a text header to the encrypted data that starts with the URL ‘age-encryption.org,’ as shown below.

AGE encrypted file

AgeLocker now targets QNAP NAS devices

Since the end of August 2020, AgeLocker, or another ransomware utilizing the same encryption, has been targeting publicly exposed QNAP NAS devices and encrypting their files.

After a victim in the BleepingComputer forums uploaded an encrypted file to ID Ransomware, Michael Gillespie could determine that it was encrypted with the Age encryption.

Gillespie also confirmed that AgeLocker had picked up in activity towards the end of August as they continued to target QNAP devices worldwide.

ID Ransomware submissions

When the ransomware encrypts files, it will leave behind a ransom note named HOW_TO_RESTORE_FILES.txt that tells the victim that their QNAP device was specifically targeted in the attack.

“Unfortunately a malware has infected your QNAP and a large number of your files has been encrypted using a hybrid encryption scheme.”

 


AgeLocker-QNAP Ransom Note

In one submission to ID-R, Michael Gillespie reports that the attackers state they first stole unencrypted files that contain “medical data, scans, backups, etc.”

It is unknown how much they are demanding as a ransom or how the attackers are gaining access to the QNAP devices.

Unfortunately, there is no way to recover files encrypted by AgeLocker for free.
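To gauge how much of a share was hit before restoring from backup, the two indicators described above (the ‘age-encryption.org’ text header at the start of each encrypted file and the HOW_TO_RESTORE_FILES.txt note) can be checked with a short script. This is an added example, not code from the original article or from QNAP; the function names and the sample files it builds are constructed for illustration.

```python
import os
import tempfile

AGE_MAGIC = b"age-encryption.org"         # text header the article says is prepended
RANSOM_NOTE = "HOW_TO_RESTORE_FILES.txt"  # note name given in the article


def has_age_header(path, magic=AGE_MAGIC):
    """True if the file's first bytes are the age text header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(magic)) == magic
    except OSError:                       # unreadable or missing: not matched
        return False


def triage(root):
    """Walk root; return (age-encrypted files, ransom notes, other files)."""
    encrypted, notes, other = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):      # do not follow links off the share
                continue
            if name == RANSOM_NOTE:
                notes.append(path)
            elif has_age_header(path):
                encrypted.append(path)
            else:
                other.append(path)
    return sorted(encrypted), sorted(notes), sorted(other)


def build_sample_share(root):
    """Constructed sample data: two age-headed files, one note, one clean file."""
    os.makedirs(os.path.join(root, "photos"))
    samples = {
        "photos/a.jpg": b"age-encryption.org/v1\n-> X25519 (constructed)\n",
        "backup.tar": b"age-encryption.org/v1\n-> X25519 (constructed)\n",
        "readme.md": b"# notes about age-encryption.org\n",  # URL not at offset 0
        RANSOM_NOTE: b"(constructed placeholder note)\n",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        enc, notes, other = triage(share)
        print(f"age-encrypted: {len(enc)}  ransom notes: {len(notes)}  other: {len(other)}")
```

A header match only shows that a file is in age format, so backups you encrypted with age yourself will also be listed; compare the results against what you expect to find on the share.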

How to secure an encrypted QNAP NAS device

QNAP has previously been targeted by the eCh0raix Ransomware, which exploited vulnerabilities in the device to encrypt data.

At the time, QNAP provided the following steps to make sure you are running the latest firmware and vulnerabilities have been patched:

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

QNAP also suggests users update the Photo Station software with the following steps:

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the magnifying glass.
    A search box appears.
  3. Type “Photo Station,” and then press ENTER.
    The Photo Station application appears in the search result list.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if you are using the latest version.
  5. Click OK.
    The application is updated.

Finally, all QNAP owners should go through the following checklist to further secure their NAS and check for malware:

• Change all passwords for all accounts on the device
• Remove unknown user accounts from the device
• Make sure the device firmware is up-to-date, and all of the applications are also updated
• Remove unknown or unused applications from the device
• Install QNAP MalwareRemover application via the App Center functionality
• Set an access control list for the device (Control panel -> Security -> Security level)
