QNAP, a NAS Device Vendor, Recommends Updating After a Recent Fix Addresses a Critical Security Vulnerability
Prior to the fix, QNAP had included hard-coded credentials to serve as a backdoor to the device.
Unfortunately, hackers became aware of this and began abusing those credentials. That resulted in several confirmed instances where hackers gained access to the device via the backdoor, then installed ransomware and encrypted all of the files on the device.
The issue is tracked as CVE-2021-28799, and at this point, it has already been resolved.
All you need to do is to download and install the latest version of the software your device uses, which will be one of the following:
- QTS 4.5.2: HBS 3 Hybrid Backup Sync 16.0.0415 and later
- QTS 4.3.6: HBS 3 Hybrid Backup Sync 3.0.210412 and later
- QuTS hero h4.5.1: HBS 3 Hybrid Backup Sync 16.0.0419 and later
- QuTScloud c4.5.1~c4.5.4: HBS 3 Hybrid Backup Sync 16.0.0419 and later
To update HBS on your NAS device, log in to QuTS hero or QTS as an administrator and search for “HBS 3 Hybrid Backup Sync” in the App Center. Once you’ve found it, click “Update” and then “OK” to start the process. Note that if your software is already up to date, the “Update” button will be greyed out.
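To triage several devices against the version list above, the following added example (not QNAP's code and not part of the original article) compares each device's HBS 3 version with the fixed version for its own OS branch, since QTS 4.3.6 uses a different HBS 3 numbering (3.0.x) than the other branches (16.0.x). The inventory rows, host names and function names are constructed for illustration, and the versions are assumed to have been collected from each device beforehand.

```python
# Added example: classify NAS inventory rows against the fixed HBS 3 versions
# listed in the article for CVE-2021-28799.

# (OS family, lowest OS version, highest OS version, first fixed HBS 3 version)
FIXED = [
    ("QTS", "4.5.2", "4.5.2", "16.0.0415"),
    ("QTS", "4.3.6", "4.3.6", "3.0.210412"),
    ("QuTS hero", "h4.5.1", "h4.5.1", "16.0.0419"),
    ("QuTScloud", "c4.5.1", "c4.5.4", "16.0.0419"),
]

def parse(version):
    """Turn '16.0.0415' or 'h4.5.1' into a tuple of ints for comparison."""
    return tuple(int(part) for part in version.lstrip("hc").split("."))

def hbs_status(os_family, os_version, hbs_version):
    """Return 'patched', 'update' or 'unknown' (OS branch not in the list)."""
    try:
        os_v, hbs_v = parse(os_version), parse(hbs_version)
    except ValueError:
        return "unknown"  # unparseable version string: needs a manual look
    for family, low, high, fixed in FIXED:
        # Match on the first three OS components so build suffixes are ignored.
        if family == os_family and parse(low) <= os_v[:3] <= parse(high):
            # Compare only against this branch's fixed version: 3.0.210412 is
            # fixed on QTS 4.3.6 even though it sorts below 16.0.0415.
            return "patched" if hbs_v >= parse(fixed) else "update"
    return "unknown"

# Constructed sample rows: (host, OS family, OS version, HBS 3 version)
INVENTORY = [
    ("nas-01", "QTS", "4.5.2", "16.0.0415"),
    ("nas-02", "QTS", "4.3.6", "3.0.210412"),
    ("nas-03", "QuTS hero", "h4.5.1", "16.0.0415"),
    ("nas-04", "QuTScloud", "c4.5.3", "16.0.0419"),
    ("nas-05", "QTS", "4.4.1", "3.0.200101"),
]

def audit(rows):
    """Map each host to its HBS 3 status."""
    return {host: hbs_status(fam, osv, hbs) for host, fam, osv, hbs in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" run an OS branch the list above does not cover and should be checked by hand in the App Center.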
This is not the first time that hackers have targeted QNAP, a NAS device vendor. Given the sensitive data NAS devices invariably contain, they’re almost the perfect target for ransomware attacks. QNAP is issuing guidance on how to check your device for the presence of malware:
- Change all passwords for all accounts on the device
- Remove unknown user accounts from the device
- Make sure the device firmware is up-to-date and all of the applications are also updated
- Remove unknown or unused applications from the device
- Install QNAP MalwareRemover application via the App Center functionality
- Set an access control list for the device (Control panel -> Security -> Security level)
Make sure you’re up to date as soon as possible. QNAP’s security patch should be given the highest priority.