The AgeLocker ransomware, which encrypts a device’s data and, in some cases, steals files from the victim, has been targeting QNAP NAS devices. The ransomware uses an encryption algorithm called Age (Actually Good Encryption), which is designed to replace GPG for encrypting files, backups, and streams.
AgeLocker, the ransomware that uses this algorithm to encrypt victims’ files, was first reported in July 2020.
When encrypting files, it prepends a text header to the encrypted data that starts with the URL ‘age-encryption.org’.
Since the end of August 2020, AgeLocker, or other ransomware using the same encryption, has been targeting publicly exposed QNAP NAS devices and encrypting their files.
Soon after, a researcher determined that the data was encrypted with Age encryption. At the same time, it was also confirmed that AgeLocker activity had picked up towards the end of August as the attackers continued to target QNAP devices worldwide.
A ransom note named HOW_TO_RESTORE_FILES.txt is left behind when the ransomware encrypts the files. The ransom note informs the victim that their QNAP device was specifically targeted in the attack.
“Unfortunately a malware has infected your QNAP and a large number of your files have been encrypted using a hybrid encryption scheme.”
The researcher also reports that the attackers state they first stole unencrypted files that contain medical data, scans, backups, and other files of similar importance.
It is yet to be determined how the attackers are getting access to the QNAP devices or how much they are demanding as a ransom.
Currently, there is no way to recover files encrypted by AgeLocker for free.
Securing the QNAP Device.
Vulnerabilities in QNAP devices were previously targeted by the eCh0raix ransomware.
At the time, QNAP advised following the steps below to ensure users are running the latest firmware and that existing vulnerabilities are patched –
- Log on to QTS as an administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
The update can also be downloaded from the QNAP website by going to Support > Download Center and then installed manually for your specific device.
Updating the Photo Station Software with the following steps is also suggested by the manufacturer –
- Log on to QTS as an administrator.
- Open the App Center, and then click.
- A search box appears.
- Type “Photo Station,” and then press ENTER.
- The Photo Station application appears in the search result list.
- Click Update.
- A confirmation message appears.
- Note: The Update button is not available if you are using the latest version.
- Click OK.
- The application is updated.
To further secure their NAS and check for malware, all QNAP owners should go through the following checklist –
- Passwords for all accounts on the device should be changed.
- Any unknown user accounts on the device should be removed immediately.
- Make sure all the applications on the device and the firmware are up to date.
- Remove any unknown or unused applications from the device.
- Set an access control list for the device.