QNAP

​Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices.

The new Security Center in QTS 5.2 monitors for suspicious file operations to detect and block ransomware threats.

If any unusual activity is detected, customers can choose to have volumes automatically set to read-only mode to prevent files from being modified, create volume snapshots to restore the entire volume when needed, and pause volume snapshot scheduling to avoid crowding out the storage space with abnormal snapshot files.

“This feature actively monitors file activities to preemptively protect data security,” the company revealed in a press release on Tuesday.

“Upon detecting suspicious file behavior, the system swiftly implements protective measures (such as backup or blocking) to mitigate risks and prevent data loss from ransomware threats, attacks, or human error.”

The latest QTS version also adds faster NAS startup and shutdown speeds (by up to 30%), support for TCG-Ruby self-encrypting drives (SED), as well as speedier backup and restoration of Windows systems, disks, folders, and files to their QNAP NAS via the NetBak PC Agent utility.

QTS Security Center monitoring settins
QTS Security Center monitoring settings (QNAP)

​NAS devices are often used for backing up and sharing sensitive files, which makes them valuable targets for attackers who frequently target them to steal or encrypt valuable documents or deploy information-stealing malware.

In recent years, malicious actors have targeted QNAP devices in DeadBolt, Checkmate, and eCh0raix ransomware campaigns, abusing security vulnerabilities to encrypt data on Internet-exposed and vulnerable NAS devices.

QNAP regularly warns customers about brute-force attacks against NAS devices exposed online, which frequently lead to ransomware attacks [1, 2, 3].

The NAS maker has also previously shared mitigation measures for customers with Internet-exposed devices, asking them to:

  • Disable the router’s Port Forwarding function by going to the router’s management interface, checking the Virtual Server, NAT, or Port Forwarding settings, and turning off the port forwarding setting of the NAS management service port (ports 8080 and 433 by default).
  • Disable the QNAP NAS’ UPnP function by going to myQNAPcloud on the QTS menu, clicking “Auto Router Configuration,” and unselecting “Enable UPnP Port forwarding.”

QNAP customers should also use this step-by-step procedure to change the system port number, toggle off SSH and Telnet connections, enable IP and account access protection, and change default device passwords.

Source: www.bleepingcomputer.com