AgeLocker Ransomware Targeting QNAP NAS Devices
Situation
The AgeLocker ransomware has been reported to target QNAP NAS, Linux, and macOS devices.
Problem
Researchers found that no unpatched vulnerability has been exploited in the use of AgeLocker ransomware attack, whereas all the known affected QNAP NAS Devices, where running older versions of QNAP QTS, needs to be updated. Additionally QNAP Product Security Incident Response Team (PSIRT) has also found evidence that the ransomware may attack earlier versions of Photo Station app.
Implication
If an attacker is able to successfully install the AgeLocker ransomware on a QNAP NAS, Linux, or macOS device they would be able to encrypt all files on the device with no way to decrypt it without the attackers key. The attackers could also steal all files found on the device before encrypting them.
Need
QNAP strongly recommends updating QTS and all installed applications to their latest versions to benefit from vulnerability fixes. For additional information please visit the links below.
QNAP Security Advisory:
https://www.qnap.com/en-in/security-advisory/qsa-20-06