Ransomware groups targeting NAS devices
Overview
A Network Attached Storage (NAS) is a computer connected to a network that allows remote access to the filesystem, often with built-in redundancy or backup features. Ransomware groups have been seen exploiting vulnerabilities in NAS devices to ransom the files and pivot into corporate networks.
The most recent of these vulnerabilities is a remote code execution bug in OpenSSL, a widely-used open source cryptographic library.
Impact
According to Cortex Xpanse, 250,000 QNAP and Synology NAS devices are exposed to the public internet.
Vulnerability Detection
Devices running OpenSSL library versions v1.1.1 through v1.1.1k and v1.0.2 through v1.0.2y could be vulnerable.
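An added example (not from this advisory or any vendor): a Python check that compares an `openssl version` banner against the ranges listed above, including the legacy lettering where `z` is followed by `za`. The hostnames and banners are constructed sample data, and the function names are illustrative.

```python
import re

# Affected ranges exactly as stated in this advisory (inclusive bounds).
AFFECTED_RANGES = [("1.1.1", "1.1.1k"), ("1.0.2", "1.0.2y")]

# Legacy OpenSSL scheme: major.minor.fix plus an optional patch letter;
# after "z" the series continues with "za", "zb", ...
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z0-9])")


def version_key(text):
    """Return a sortable key for the first OpenSSL version in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, fix, letters = m.groups()
    # (len, letters) orders "" < "a" < ... < "z" < "za" < "zb".
    return (int(major), int(minor), int(fix), len(letters), letters)


def in_affected_range(text):
    """True/False if inside/outside the advisory's ranges; None if unparseable."""
    key = version_key(text)
    if key is None:
        return None  # flag for manual review rather than assuming safe
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


# Constructed inventory (hostnames and banners are made up for illustration).
SAMPLE_INVENTORY = {
    "nas-01": "OpenSSL 1.1.1k  25 Mar 2021",
    "nas-02": "OpenSSL 1.1.1l  24 Aug 2021",
    "nas-03": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "nas-04": "OpenSSL 1.0.2za",
    "nas-05": "OpenSSL 3.0.2 15 Mar 2022",
    "nas-06": "unknown",
}


def triage(inventory):
    """Map each host to 'in range', 'out of range' or 'review'."""
    labels = {True: "in range", False: "out of range", None: "review"}
    return {host: labels[in_affected_range(banner)] for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

A match only means the upstream version string falls inside the listed range; vendors often backport fixes without changing that string, so confirm against the vendor's own advisory.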
Products which may be affected
– NetApp ONTAP (investigating)
– QNAP NAS running HBS 3 (investigating, as well as an earlier CVE-2021-28799)
– Synology (investigating)
Containment, Mitigations & Remediations
Where possible, don’t expose devices to the Internet.
Where remote access is required, it may be advisable to put the service behind a VPN or use IP whitelisting to control access.
MITRE Methodologies
– T1190 – Exploit Public-Facing Application
– T1486 – Data Encrypted for Impact
Further Information
NetApp OpenSSL Vulnerabilities in NetApp Products
QNAP – Out-of-Bounds Vulnerabilities in OpenSSL
New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices