Advisories

QNAP NAS devices running QTS operating system or add-ons with the following versions.

Hybrid Backup Sync versions before:

• 16.0.0415 for QTS 4.5.x
• 3.0.210412 for QTS 4.3.x
• 16.0.0419 for QuTS hero and QuTScloud

Media Streaming add-on versions before:

• 430.1.8.10

Multimedia Console versions before:

• 1.3.4

QTS versions before:

• 4.5.2.1566 Build 20210202
• 4.3.6.1620 Build 20210322
• 4.2.6 Build 20210327
• QuTS hero h4.5.1.1491 build 20201119

If you have a QNAP NAS devices and have not yet applied the latest updates to:

• HBS 3,
• Multimedia Console,
• Media Streaming add-on, or
• QTS operating system.

Affected QNAP NAS devices will have files encrypted in a .7z format and a ransom note will be present on your system labelled “!!!READ_ME.txt”

QNAP has published a support article External Link about how to detect and respond to this incident.

These steps apply for both prevention and mitigation.

Note: Do not restart your QNAP NAS device until step 3, as if there is ransomware running, you may not be able to recover the encryption key and your data. 

1. Make sure that the device is not exposed to the internet, particularly the web interface or file shares.
2. Update and run QNAP Malware Remover. The Malware Remover may be able to recover the password required to recover your encrypted files. If Malware Remover finds the ransomware, it will attempt to recover the password.
3. Once the device is clear of ransomware, update the QTS operating system and all installed add-ons. This is when you can restart your device.