Taiwanese manufacturer QNAP sent a notification to all NAS users last week to update their firmware and all apps. New ransomware called AgeLocker can infect systems that are not up to date, encrypt data and make ransom demands.
AgeLocker has been operating since June and uses the AGE algorithm to encrypt files. That algorithm is considered cryptographically secure, meaning that encrypted files cannot be unlocked without paying money to the hackers.
Precisely because of the secure encryption, it is crucial that owners with a QNAP NAS thoroughly secure their device and keep it up-to-date.
QTS in Photo Station
Last week, QNAP two sources identified which allows AgeLocker to access QNAP devices. The first gateway is the QNAP firmware called QTS. The second way is through one of the default apps that come pre-installed on recent QNAP systems.
Whoever updates QTS to the latest version is protected against AgeLocker ransomware attacks. According to QNAP, old QTS versions pose a big risk. QNAP does not say which version you are at risk from. The manufacturer does encourage an active update policy to prevent such problems.
In addition to a vulnerability in an old version of BTS, QNAP has also found a leak in old versions of the Photo Station app. Here, too, periodically updating NAS apps is always important to limit any security risks.
Tip: QNAP NAS servers target large malware campaign
–