QNAP Ransomware Attack - April 2021

[Mark Kaine]

1 hour ago, dalekphalm said:

QNAP is a brand of NAS (Network attached storage). Modern NAS's are basically servers running custom OS's (typically some variation or custom version of Linux).

 

A NAS has HDD's (or SSD's) inside of it, but a NAS is basically a Server "computer". They're considered "Appliances" because they tend to be much easier to operate.

i see, probably sounds naive , although it's rather lack of  interest, i always thought its just external enclosures with an ethernet port (which it basically is)  i dont do any inhome streaming but if i make  backups  i just use  sata to usb cable... don't even  need an enclosure as long  it's 2.5  form factor.

 

So people connect those  to the internet, or they auto connect? Either way seems  like  asking for trouble lol.

 

[Dujith]

QNAP's caused us being cut off from the internet a few times. Due to malware on them, happend to old and new models.

As a few were running as a NVR i couldnt just put em in a VLAN that had no internet access. In the end we tossed the NVR's and the backup ones i put in a VLAN that has just local access.

 

We are moving in December to a bigger place and will have an IT company setup a more robust backup system without QNAPs. Shame tho, never had any issues till a few years ago.

[dalekphalm]

39 minutes ago, Mark Kaine said:

i see, probably sounds naive , although it's rather lack of  interest, i always thought its just external enclosures with an ethernet port (which it basically is)  i dont do any inhome streaming but if i make  backups  i just use  sata to usb cable... don't even  need an enclosure as long  it's 2.5  form factor.

They're not "just an enclosure with an ethernet port" - though there do exist "basic" NAS's or "Network enabled HDDs" that are more like what you describe.

 

They're servers with purpose built OS's pre-installed on them.

39 minutes ago, Mark Kaine said:

So people connect those  to the internet, or they auto connect? Either way seems  like  asking for trouble lol.

Well it's like any other computer or server. They have a network connection. That connection can access the internet. How you setup that connection is up to you. You could put the NAS into a VLAN that only allows local access if you wanted, just like you could with a regular computer.

 

It also depends on how you configure the NAS and with what services installed - if you don't setup any remote access or any services that use external or cloud based resources, then the NAS is much less likely to be at risk of "hacking" or exploits.

[leadeater]

1 hour ago, dalekphalm said:

It also depends on how you configure the NAS and with what services installed - if you don't setup any remote access or any services that use external or cloud based resources, then the NAS is much less likely to be at risk of "hacking" or exploits.

This is generally the most important, it should be default but all services and extra functions should be off by default so if there are any vulnerabilities found with an included software it's more likely to not be running leaving the majority of customers not vulnerable to being exploited.

 

So for all those NAS appliances owners out there, if you aren't using a feature turn it off. Definitely don't turn them all on just in case you might want it.

 

In my opinion any NAS should come out of the box only capable of providing SMB and NFS network shares.

[StDragon]

On 4/24/2021 at 4:55 PM, leadeater said:

In my opinion any NAS should come out of the box only capable of providing SMB and NFS network shares.

In principle I agree. But your opinion doesn't drive profit via offering value to the consumers whom purchase such devices. A "NAS" is now more of a do-it-all home server appliance, and the apps stores are growing further capability.

 

I'd have to think that at some point IPS goes mainstream on consumer firewalls (subscription of course). Maybe in the next 5 years??

[leadeater]

5 hours ago, StDragon said:

In principle I agree. But your opinion doesn't drive profit via offering value to the consumers whom purchase such devices. A "NAS" is now more of a do-it-all home server appliance, and the apps stores are growing further capability.

Oh they can still do that, just you have to manually enable it in the WebGUI. There's so much garbage on by default that never gets used.