I got hit by malware called Qlocker the other day. It basically zips every file and asks you to pay bitcoin to unlock.
There is a recovery tool called Rescue, but according to reports it’s very cumbersome.
As I had everything backed up, I had the option to wipe the discs and start again. This turned out to be quite beneficial, as when I first set up the machine I did it very badly with a single thin volume. The current QTS operating system now has a dramatically better and very easy set-up wizard, and I set it as two thick volumes.
Lots of people have been hit by this, worth checking your backups and security.
Have you been on the old pre 5.0 QTS until then? It was known to be vulnerable to those blackmail trojans. Constantly upgrading firmware on routers and operating systems is essential.
You now just have to take real care (by scanning) that you didn’t infect your backup drives or other equipment in your network before the trojan got active.
Also check if you have configured other open doors on your router like automatic port release.
It would be important to have a guess how it happened.
The new QTS also has a firewall on board you can activate and a security check to see what you should disable to make it safe.
I guess the disc spinners here now say, that’s why they spin discs…there’s a lot of IT involved in streaming. I’d be interested how music servers like those on the market or the upcoming PSA one are protected.
Just an FYI - Qlocker does NOT require the victim to download/open something. The attacker scans the internet for vulnerable QNAP devices and exploits an existing QNAP vulnerability.
Apparently there was a big attack last year and a new one started middle of this month. I think it is limited to QNAPs. Bitdefender did not get it, which is worrying.
I was up to date on 5.0.
There is good guidance here.
For a music library, the best thing is to attach an external usb and create a backup job in HBS3 using this tool.
It’s more the shock and indignation. Once I got over that, I was quite pleased to have to do a reinstall.
The only faff was that I’d set SED encryption and had to physically remove the drives to get a code on the drive label to wipe them. That involved taking out 3 screws per disk (as they are SSD) and copying in a 50-character password, then screwing back in. In the new set-up I’ve not used SED.
For me the main use is having data in separate locations, now less relevant given I now work from home.
For music libraries, the disc spinners will say “I told you so”, but if set up effectively so it can only be accessed on the home network, like mine is now, there should not be a problem.
Yes, exactly, those are the instructions. Bitdefender is a Windows scanner… I guess you mean the one on the QNAP. If you were on 5.0 I guess you must have had UPnP activated, as QNAP says everything over 4.5.2 was safe… strange.
They also wrote Qlocker is no malware, it affects a weakness in pre 5.0 QTS, that’s why it’s so strange you got it with 5.0.
UPNP disabled on my router, and no manual ports open to the internet, hopefully I should be safe from such tomfoolery (I have Synology, which of course has similar malware associated with it, I think it was Synology’s turn a couple of years ago).
I’m not sure it’s the OSes that are necessarily at risk; most of them run homegrown Linux builds. The real problem comes from all the apps they throw on there. The Qlocker ransomware gets in from a bug in Hybrid Backup, which is installed by default. If you use something else for backups, get rid of that app. I have a QNAP and got rid of everything I don’t need… and it was a lot.
Not really special to NAS drives, other than that people usually care less to patch them than their PC.
Such attacks usually aim for non-patched systems, no matter what they are. In case of a NAS it certainly makes sense for blackmailing, as there’s usually some storage behind it and they are used in companies with need for their data and money to pay for it, too.