Close

Product

Operating System

Solution

Support

eShop

Where To Buy

About Us

Member United States / Canada - English
NAS- Network Attached Storage
Expansion Units
Cloud Storage
DAS & Accessories
High-speed Network Switches
SD-WAN Routers
Intel x86 Smart Edge Switch
NDR Cybersecurity Appliances
Network Virtualization uCPE
Accessories
Expansion Cards/ Interface Cards
Video Surveillance System
Video Conferencing Appliance
QTS

QTS

QTS is the operating system for entry- and mid-level QNAP NAS. WIth Linux and ext4, QTS enables reliable storage for everyone with versatile value-added features and apps, such as snapshots, Plex media servers, and easy access of your personal cloud.

System
Applications
QuTS hero

QuTS hero

QuTS hero is the operating system for high-end and enterprise QNAP NAS models. With Linux and ZFS, QuTS hero supports advanced data reduction technologies for further driving down costs and increasing reliablility of SSD (all-flash) storage.

System
Applications
QuTScloud

QuTScloud

QuTScloud is the operating system for QNAP Cloud NAS virtual appliances. With the possibility of on-premises and cloud deployment, QuTScloud enables optimized cloud data usage and flexible resource allocation at a predictable monthly cost.

System
Applications
QES

QES

QES is the operating system for dual-controller QNAP NAS models. With FreeBSD and ZFS, QES is flash-optimized, capable of driving outstanding performance for all-flash storage arrays.

System
Product
Resources
QNE Network

QNE Network

QNE Network is the operating system for QuCPE, QNAP's universal customer premises equipment series. Run virtual network functions, freely configure software-defined networks, and enjoy benefits such as lowered costs and reduced management efforts.

System
Applications
QSS

QSS

QNAP Switch System (QSS) is the configuration interface for QNAP's managed switch series. Enable management functions such as link aggregation, VLAN, and RSTP, to take care of your network topology with ease.

System
QuRouter

QuRouter

QNAP’s QuRouter OS simplifies managing high-speed and high-coverage LAN/WAN. With NAT, VPN, security, and QuWAN SD-WAN, network management is made easier and remote connections more secure.

System
Applications
QVR Surveillancee

QVR Surveillancee

QVR Surveillance is QNAP’s network video recorder software solution. It offers subscription-based QVR Elite and perpetual QVR Pro, and can be used with a series of apps, such as face recognition and door access control for a wider range of scenarios.

System
Applications
Resources
QVR Face

QVR Face

QVR Face is a smart facial recognition solution featuring real-time live streaming video analytics from connected cameras. It can be integrated into multiple scenarios to provide intelligent attendance management, door access control management, VIP welcome systems and smart retail services.

System
Applications
Resources
KoiMeeter

KoiMeeter

QNAP smart video solutions provides integrated intelligent packages such as video conferencing and smart retail, boosting productivity for individuals and businesses.

Video Conferencing
Smart Retail
Solution
Support
Where To Buy
About Us
Search

Security ID : NAS-201907-11

Security Advisory for eCh0raix Ransomware

  • Release date : August 12, 2019

  • CVE identifier : N/A

  • Affected products: QNAP NAS devices

Severity

High

Status

Resolved

Summary

The eCh0raix ransomware is reportedly being used to target QNAP NAS devices. Devices using weak passwords and outdated QTS firmware may get infected.

We strongly recommend that users act immediately to protect their data from possible malware attacks.

If you have any questions regarding this issue, please contact us through the QNAP Helpdesk.

Recommendation

To avoid infection, you must:

  1. Update QTS to the latest version.
  2. Install and update Security Counselor to the latest version.
  3. Use a stronger admin password.
  4. Enable Network Access Protection to protect accounts from brute force attacks.
  5. Disable SSH and Telnet services if you are not using them.
  6. Avoid using default port numbers 443 and 8080.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Installing/Updating and running the latest version of Security Counselor

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the Search icon.
    A search box appears.
  3. Type “Security Counselor”, and then press ENTER.
    The Security Counselor application appears in the search results list.
  4. Click Install or Update.
    A confirmation message appears.
  5. Click OK.
    The application is installed or updated to the latest version.
  6. Open Security Counselor.
  7. Click Start Scan.
    Security Counselor scans the NAS for rules.

Changing the Device Password

  1. Log on to QTS as administrator.
  2. Click the profile picture on the QTS Task Bar.
    The Options window opens.
  3. Click Change Password.
  4. Specify the old password.
  5. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  6. Verify the new password.
  7. Click Apply.

Enabling Network Access Protection

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Security > Network Access Protection.
  3. Configure SSH protection.
    1. Select SSH.
    2. Specify a time period and the number of failed login attempts.
  4. Configure HTTP(S) protection.
    1. Select HTTP(S).
    2. Specify a time period and the number of failed login attempts.
  5. Click Apply.

Disabling SSH and Telnet Connections

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Network & File Services > Telnet/SSH.
  3. Deselect Allow Telnet connection.
  4. Deselect Allow SSH connection.
  5. Click Apply.

Changing the System Port Number

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > General Settings > System Administration.
  3. Specify a new system port number.
    Warning: Do not use 443 or 8080.
  4. Click Apply.

Acknowledgements: Anomali Labs and Intezer

Revision History: V2.0 (August 12, 2019) - Published
V1.0 (July 11, 2019) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top