QNAP tells NAS users to update firmware to avoid new type of ransomware

AgeLocker ransomware has been seen infecting QNAP NAS systems since June.
Written by Catalin Cimpanu, Contributor
Image: QNAP

Taiwanese hardware vendor QNAP urged customers last week to update the firmware and apps installed on their network-attached storage (NAS) devices to avoid infections with a new strain of ransomware named AgeLocker.

The ransomware has been active since June this year when it first began making victims.

It was named AgeLocker for its use of the Actually Good Encryption (AGE) algorithm to encrypt files. The AGE encryption algorithm is considered cryptographically secure, which means encrypted files can't be recovered without paying the ransom demand.

Techniques like brute-forcing the encryption key or identifying weaknesses in the encryption scheme are not reliable against AGE.

The impossibility of recovering encrypted files without paying the ransom demand is why users should take care to secure QNAP NAS devices.

Last week, QNAP said it identified two sources of how AgeLocker gains access to QNAP devices. The first is the QNAP device firmware (known as QTS), while the second is one of the default apps that come preinstalled with recent QNAP systems (named PhotoStation).

"QNAP's initial investigation showed that no unpatched vulnerabilities are [currently] found in QTS. All known [AgeLocker-]affected NAS are running older, unpatched QTS versions," the company said in a blog post.

"[The] QNAP Product Security Incident Response Team (PSIRT) has found evidence that the ransomware may attack earlier versions of Photo Station," the company also said in an alert on September 25.

Older versions of the PhotoStation app are known to contain security flaws.

Its two discoveries are why the company is now recommending and providing instructions on how users can update both QTS and the PhotoStation app.

"Once again, QNAP urges users to periodically check and install product software updates to keep their devices away from malicious influences," QNAP said.

This is the same advice QNAP gave to NAS owners earlier this year when devices were also targeted by another ransomware strain known as eCh0raix.

Inside an encrypted external hard drive -- in pictures

Editorial standards