Network Attached Storage (NAS) device owners should not expose their hardware to the internet, urges a popular NAS device maker. A security advisory is offering some important advice to minimize the chances of AgeLocker ransomware attacks.
An aggressive form of ransomware is once again on the loose, and it is targeting NAS devices. QNAP, a popular maker of NAS drives has issued a security advisory that all NAS device owners must follow to protect their hardware and data from infection.
AgeLocker ransomware samples discovered in the wild:
Earlier this year, a malware strain was targeting NAS devices. Called Dovecat, the malware silently installed itself on devices that offer access to storage drives over the network. The malware secretly mined cryptocurrency.
The new piece of malicious software is ransomware. Taiwanese hardware vendor QNAP has issued a security advisory about the same.
As the name implies, AgeLocker is ransomware. It steals and encrypts victims’ files, and seeks monetary compensation to send over an unlock key.
Security researchers first discovered the AgeLocker ransomware back in July 2020. The malware has already targeted QNAP NAS devices worldwide in a September 2020 campaign.
NEW: QNAP has released a "high" severity security alert today warning customers about attacks from the AgeLocker ransomware grouphttps://t.co/KZd8PBIc8a pic.twitter.com/gAQ1W4Gonj
— Catalin Cimpanu (@campuscodi) April 29, 2021
The malware relies on an encryption algorithm known as AGE (Actually Good Encryption). It succeeds the GPG encryption algorithm for encrypting files, backups, and streams.
Ransomware decryption expert Michael Gillespie has indicated that AGE uses the X25519 (an ECDH curve), ChaChar20-Poly1305, and HMAC-SHA256 algorithms. Simply put, encryption is very strong and cybersecurity companies cannot break the same easily.
The compensation sought by the creators of the AgeLocker ransomware varies wildly. According to a few reports about victims, the creators demand about 7 Bitcoins, which roughly translates to $64,500.
QNAP finds evidence of AgeLocker ransomware activity in the wild https://t.co/mp0xcQi5xO #infosec #ransomware
— Allaboutclait (@allaboutclait) April 29, 2021
Needless to mention, the AgeLocker ransomware seems to be going after the masses. The creators do not seem to be selecting their targets.
This means any average NAS device user could become a victim and discover his files locked away behind a virtual vault. Ransomware creators usually leave a simple text file or email address to establish contact.
How to secure a NAS drive from ransomware?
NAS devices are often stored away, generally out of sight. Users rarely, if ever, perform routine maintenance. Simply put, these devices work silently, and users take a look only when the NAS drives start giving trouble.
It seems malware, ransomware, and virus creators prefer NAS devices with outdated software or firmware. Hence, the best way to protect NAS drives from potential attacks is to update the onboard firmware.
QNAP stresses users must regularly update QTS or QuTS hero, and all installed applications to their latest versions. Doing so helps the device benefit from vulnerability fixes.
No significant spike of AgeLocker submissions to IDR, though (per @malwrhunterteam)
Looks like the attacks are in their incipient stages right now. pic.twitter.com/IL3YOTbu1n
— Catalin Cimpanu (@campuscodi) April 29, 2021
Log on to QTS or QuTS hero as administrator. Head over to the Control Panel > System > Firmware Update. Under Live Update, click Check for Update. This should update the device with the latest firmware.
Thereafter, head over to App Center > My Apps. Check the All option before clicking Install Updates, and click OK on the confirmation message to update all installed apps.
In addition to the aforementioned steps, NAS drive or device owners should use strong passwords, and remove old or unused accounts. Users should also uninstall unused applications. As an added precaution, users should not grant internet access to their NAS devices.