Posts: 9,996
Threads: 393
Joined: Apr 2022
Reputation:
0
Is the QNAP exposed to the 'net??!!
It should be behind a firewall with myQNAPcloud disabled.
...Do you have a Windows PC in your home? If so then it's possible that the PC was compromised and the QNAP shares were attacked from the PC.
If you have a compromised device on your network then everything on your network with file sharing or SSH (Remote Login) is potentially compromised. Check your Macs to see if file sharing is enabled on any of them and if it is enabled then look carefully for similar ransomware messages.
...Did you install the Security Counselor app from the App Center as advised in the ransomware message boards and QNAP support docs?
Posts: 17,873
Threads: 325
Joined: Mar 2024
Sarcany wrote:
Is the QNAP exposed to the 'net??!!
It should be behind a firewall with myQNAPcloud disabled.
...Do you have a Windows PC in your home? If so then it's possible that the PC was compromised and the QNAP shares were attacked from the PC.
If you have a compromised device on your network then everything on your network with file sharing or SSH (Remote Login) is potentially compromised. Check your Macs to see if file sharing is enabled on any of them and if it is enabled then look carefully for similar ransomware messages.
...Did you install the Security Counselor app from the App Center as advised in the ransomware message boards and QNAP support docs?
Is myQNAPcloud particularly risky if you only allow yourself (the admin) access, and have 2-factor authentication enabled?
Posts: 17,873
Threads: 325
Joined: Mar 2024
Thanks! My 2FA isn't text message based - it's the Google Authenticator app, which I'm fairly sure is tied to my device. But, that doesn't protect me from weaknesses in QNAP's infrastructure.
Posts: 23,019
Threads: 575
Joined: May 2025
Reputation:
2
I did have myQNAPcloud running.
Here's what I have done:
* Complete reinitialization of the QNAP, down to factory defaults and reformatting hard drives.
* Did not reactivate myQNAPcloud; the QNAP was unregistered from myQNAPcloud as part of the initialization process.
* QNAP passwords, and Time Machine QNAP access password changed.
* Scanned my Macs with Malwarebytes and Avast. Nothing found.
* Searched Macs for any txt files that ransomware leaves behind to tell you what to do, none found.
* Started a trial subscription to Avast to monitor activity going forward.
QNAP runs a version of Linux. My geek son thinks the ransomware was able to add files, but couldn't get any further in Linux to modify files that were there. Whatever vulnerability it used to get as far as it did was limited and couldn't manage real damage.
Posts: 52,176
Threads: 2,795
Joined: May 2025
Reputation:
1
I don't know if Malwarebytes has the stuff to detect ransomware.
It would seem to me in the best interests of the ne'er-do-wells to hide it well so it couldn't be removed without major surgery.
There's one other possibility that I've heard of — fake ransomware attacks.
Good that you went proactive, but it's possible the only threat was an empty one, that there was no ransomware.
Sort of like the 'Your Flash Player is out of date. Click here to update.'
Or like a bank robber with his hand in his jacket pocket giving the teller a note saying 'Give me the money, I have a gub'.
Again, smart to treat the threat as real, but it might be that it's not.
I suppose one could argue the threat is real as one was expressed, but that the execution is not.