NAS owners should consider taking their devices off the internet urges QNAP after discovering aggressive AgeLocker ransomware activity in the wild

QNAP NAS Drive AGELocker Ransomware
NAS Drive owners, take precautions to protect your data. Pic credit: Andrew Currie/Flickr/CC BY-SA 2.0

Network Attached Storage (NAS) device owners should not expose their hardware to the internet, urges a popular NAS device maker. A security advisory is offering some important advice to minimize the chances of AgeLocker ransomware attacks.

An aggressive form of ransomware is once again on the loose, and it is targeting NAS devices. QNAP, a popular maker of NAS drives has issued a security advisory that all NAS device owners must follow to protect their hardware and data from infection.

AgeLocker ransomware samples discovered in the wild:

Earlier this year, a malware strain was targeting NAS devices. Called Dovecat, the malware silently installed itself on devices that offer access to storage drives over the network. The malware secretly mined cryptocurrency.

The new piece of malicious software is ransomware. Taiwanese hardware vendor QNAP has issued a security advisory about the same.

As the name implies, AgeLocker is ransomware. It steals and encrypts victims’ files, and seeks monetary compensation to send over an unlock key.

Security researchers first discovered the AgeLocker ransomware back in July 2020. The malware has already targeted QNAP NAS devices worldwide in a September 2020 campaign.

The malware relies on an encryption algorithm known as AGE (Actually Good Encryption). It succeeds the GPG encryption algorithm for encrypting files, backups, and streams.

Ransomware decryption expert Michael Gillespie has indicated that AGE uses the X25519 (an ECDH curve), ChaChar20-Poly1305, and HMAC-SHA256 algorithms. Simply put, encryption is very strong and cybersecurity companies cannot break the same easily.

The compensation sought by the creators of the AgeLocker ransomware varies wildly. According to a few reports about victims, the creators demand about 7 Bitcoins, which roughly translates to $64,500.

Needless to mention, the AgeLocker ransomware seems to be going after the masses. The creators do not seem to be selecting their targets.

This means any average NAS device user could become a victim and discover his files locked away behind a virtual vault. Ransomware creators usually leave a simple text file or email address to establish contact.

How to secure a NAS drive from ransomware?

NAS devices are often stored away, generally out of sight. Users rarely, if ever, perform routine maintenance. Simply put, these devices work silently, and users take a look only when the NAS drives start giving trouble.

It seems malware, ransomware, and virus creators prefer NAS devices with outdated software or firmware. Hence, the best way to protect NAS drives from potential attacks is to update the onboard firmware.

QNAP stresses users must regularly update QTS or QuTS hero, and all installed applications to their latest versions. Doing so helps the device benefit from vulnerability fixes.

Log on to QTS or QuTS hero as administrator. Head over to the Control Panel > System > Firmware Update. Under Live Update, click Check for Update. This should update the device with the latest firmware.

Thereafter, head over to App Center > My Apps. Check the All option before clicking Install Updates, and click OK on the confirmation message to update all installed apps.

In addition to the aforementioned steps, NAS drive or device owners should use strong passwords, and remove old or unused accounts. Users should also uninstall unused applications. As an added precaution, users should not grant internet access to their NAS devices.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x

Warning: Undefined variable $posts in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Trying to access array offset on value of type null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Attempt to read property "post_author" on null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309