Does your business use a QNAP Network Attached Storage (NAS) device? If so, the Cybersecurity & Infrastructure Security Agency (CISA) urges you to update the firmware to the latest release level.

Hackers released a malware known as QSnatch in 2019 targeting QNAP NAS devices. All QNAP NAS devices are at risk. Thousands of devices have been infected in North America and Europe. Once infected, attackers can prevent administrators from applying new firmware updates.

QSnatch includes functionalities such as:

• replacing the login page and then capturing user’s logins to the NAS
• Scraping credentials and forwarding them off-site
• Allowing the attacker to execute arbitrary code on the device
• Stealing copies of files from the device for further action

What is a NAS?

A NAS is a hardware device that serves as a corporate file system for many corporate users at the same time. For users of Window system, these file systems are often denoted with a “Drive letter” like “F:\”. NAS devices contains 2 or more hard drives and can hold large amounts of corporate data. It is often used as a fault-tolerant appliance that contains data backups of other computers and devices. QNAP is a common brand of NAS device.

If you have a QNAP NAS or need additional storage for your business and are interested in NAS appliances, Atlas Solutions can help you manage these risks and protect your corporate date.