Last week, the Finnish Cyber Emergency Response Team of Transport and Communications Agency discovered the malware “QSnatch”, which attacks QNAP’s network storage solutions.
According to the detection team, the malware modifies the firmware settings of the network storage and blocks future vendor updates, making it impossible to remove and lock it out. From this convenient position, the program steals the access data and communicates with remote command and control servers. This way, strangers can gain access to their own network storage. In addition, it is theoretically possible to reload further malware modules and thus cause damage in other ways.
The Federal Administration’s Cyber Emergency Response Team (CERT) also warns of the malware. It was announced via Twitter that about 7,000 QSNAP devices are currently affected in Germany. According to the Federal Administration’s CERT, the devices affected are those that can be accessed from the Internet and are operated with an outdated firmware version. The Finnish CERT expressed itself similarly.
As a protective measure against an infection of one’s own network storage, it is therefore a good idea not to connect it to the Internet in the first place. If the device is already affected, the Finnish Transport and Communication Agency says resetting the network storage to the factory settings will help. The latest version of the firmware should then be installed. Whether updating the firmware will help to avoid a (new) infection with QSnatch is currently not clear.
The Finnish team also advises to change all passwords of the network store, remove unknown user accounts, update all other applications, delete unknown applications, install the QNAP malware remover and create an access control list for the device.