Security ID : QSA-21-15

AgeLocker Ransomware


  • Release date : April 29, 2021

  • Affected products: QNAP NAS running QTS 4.3.x

Severity

Important

Status

Resolved


Summary

The QNAP security team has detected ransomware in the wild known as AgeLocker.

Our initial investigation has found that devices infected by the ransomware typically exhibit the following characteristics and symptoms:

  • The affected devices run QTS 4.3.x.
  • The file name of the ransom note is HOW_TO_RESTORE_FILES.txt.
  • Encrypted files are hidden and their file names start with a period (.).
  • The extension of the encrypted files is a random meaningless string (for example, “.udUS”, “WD51”).
  • The ransomware empties system event logs and system connection logs in System Logs.

Recommendation

To secure your device, we strongly recommend regularly updating QTS and all installed applications to their latest versions to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.

Updating QTS

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating All Installed Applications

  1. Log on to QTS as administrator.
  2. Go to App Center.
  3. Select My Apps.
  4. Beside Install Updates, click All.
    A confirmation message appears.
  5. Click OK.
    QTS updates all your installed applications to their latest versions.

Revision History:
V1.0 (April 29, 2021) - Published
V1.1 (May 11, 2021) - Initial investigation results added
V2.0 (December 30, 2021) - Status updated

Teknik Özellik sSçin

      Daha fazla göster Daha az

      Diğer ülkelerde/bölgelerde bu site:

      open menu
      back to top