QNAP Hacked - Advice for Future Secure Data Storage

akd on 09/03/2022 - 09:50
Last edited 09/03/2022 - 10:28 by 1 other user

My Qnap NAS got hacked and got a ransomware message from a hacker. I was a bit shocked that Qnap's products can also get hacked so easily. It is possible but wasn't expected. Qnap team is currently helping to recover the files.

Currently, media files (photos/videos) are on NAS and Google, public/shareable files are on Google Drive and OneDrive. personal files (software keys, scanned certificates, bills etc) are on NAS. Data is around 1 TB excluding media. No movies or torrents. I consider them disposable.

I like your advice and suggestions to secure data for the future - Photos/Videos, Shareable files, personal files.

1 - Should we have multiple cloud storage accounts? pro -multiple data backups, cons - paying multiple times.

2- Which cloud storage is recommended? should I consider any other than Google Drive and OneDrive. Is it recommended to avoid small providers as they can shut their shop anytime?

3 - Do manual backups at home with multiple hard disks?

4- Any good videos for home networking for beginners? I googled a few but was not satisfied as they try to cover for 10 TB plus options and the cost for servers/software is too much for small data (1 TB)

Thanks in advance

Computing NAS QNAP

Related Stores

QNAP
QNAP

Comments

  • trankillity on 09/03/2022 - 10:17
    +12

    Don't make it accessible outside your internal network, simple. If you still need access outside your home, set up a VPN into your home.

    But yes, you definitely should be backing anything critical on your NAS up to a cloud provider. NAS' are not fireproof…

    • akd on 09/03/2022 - 10:50

      Thanks, I don't need personal documents outside my home. I can keep public documents on the cloud and personal documents on multiple HDs at home.

      set up a VPN into your home

      I haven't done that and don't know how to do it. I used VPN on mobile only. Should I add VPN in the router or each windows PC?

      NAS' are not fireproof…

      One mistake I made was that I synced the files with pc folders, not backed up on NAS. I need to fix it.

      • Gronk on 09/03/2022 - 13:32
        +1

        I haven't done that and don't know how to do it. I used VPN on mobile only. Should I add VPN in the router or each windows PC?

        Path of least resistance will be if your router has a VPN service pre-installed which you can simply enable. Then all you do is download the key and add it to the VPN client on your mobile (I use OpenVPN) and you should be good to go.

        Rule of thumb is that a NAS is not a backup, I back mine up monthly to a 10tb HDD.

        • trankillity on 09/03/2022 - 20:34

          NAS is totally fine for a backup in a RAID configuration that supports redundancy. But it shouldn't be your ONLY backup for important files.

          As for VPN, I handle this directly on my router to avoid any other vectors for attack. Each router will be different and may not support it. If you just want to do it on your NAS, then there's a pretty detailed tutorial which was the first result on Google for "qnap vpn"…

          • Chandler on 10/03/2022 - 10:10

            @trankillity:

            NAS is totally fine for a backup in a RAID configuration that supports redundancy.

            #raidisnotabackup

            If OP had their NAS configured in RAID they now have two (or more) sets of ransomware'd data (or striped ransomware'd data with one or more sets of ransomware'd parity) - congratulations.

            RAID only protects you from drive failure. That is it's only feature. Delete a file? RAID copy is gone. Edit a file? RAID copy is edited. Corrupt a file? RAID copy is corrupted. Disk 1 dies? All good: Disk 2 is a duplicate of it (or Disks 2,3,4 & 5 can be used to rebuild Disk 1)

            But it shouldn't be your ONLY backup for important files.

            Agreed. At least follow the 3-2-1 rule, if not the 3-2-1-1-0 rule.

            • trankillity on 10/03/2022 - 10:30
              -2

              @Chandler: Yes, RAID is a backup, provided you are following the 3-2-1 rule.

              1 copy on local machine, 1 copy on NAS, 1 copy synced from NAS to cloud.

              Pretty much all NAS have this capability.

              • Chandler on 10/03/2022 - 11:31

                @trankillity:

                Yes, RAID is a backup, provided you are following the 3-2-1 rule.

                Redundant Array of Independent Disks. RAID provides redundancy in the case that one of those independent disks has a failure. The only situation RAID is suitable as a "backup" is disk failure.

                I'm not saying people shouldn't use RAID - they should. But they shouldn't think that because they've got a RAID they've got a backup.

                Should you use RAID? Yes - I believe it should be used as a part of any storage system, especially for important files.
                Is it a backup when used alone? No.

                #raidisnotabackup

                1 copy synced from NAS to cloud.

                So if either the NAS copy or the cloud copy get erased/edited/corrupted or ransomware'd, both copies are erased/edited/corrupted/ransomware'd?

                A synced copy is not a backup (with some exceptions1). An automatically two-way synced copy is certainly not a backup - it is a copy that is located elsewhere for convenience or in the case that you have a device loss/failure (i.e. lost phone, stolen NAS, fire, etc).

                1. If the cloud service provides versioning, then I would call that a form of backup. But then how long does that cloud service keep prior versions? 30 days? 5 versions? xxGB/% of storage? Indefinitely? Do you have any control of how it handle's versioning? 

              • Miami Mall Alien on 21/03/2022 - 14:34
                -1

                @trankillity: Mate, get a clue. RAID is not a backup.

                Anyone who works in IT as a Sys Admin or in the MSP/support space would laugh at you if you seriously tried to argue RAID is a backup.

                the 3-2-1 rule.

                1 copy on local machine, 1 copy on NAS, 1 copy synced from NAS to cloud.

                Once again, go and Google what the 3 2 1 rule actually is.

                3 copies of the same data on 2 different media and one of those backups sitting at an off-site location (it could either be cloud-based or a physically separate location from where the primary data resides).

    • CyberMurning on 09/03/2022 - 15:56

      @trankillity OP said he didnt enable access from outside. so what do you think how can he got hacked?

      • trankillity on 09/03/2022 - 20:31

        Most likely by default QNAP exposes NAS to external via a redirect or via a portal on their cloud service (I know that Synology does this). So unless he specifically disallowed external access, it was likely enabled by default. Without 2FA, you should 100% expect intrusion attempts. Compute is cheap, so brute force password attacks (not to mention haveibeenpwned.com) are easy routes in.

        • CyberMurning on 10/03/2022 - 10:29

          huh.. i have syno. so what "redirect or via a portal on their cloud service " is that and what do you suggest/do to reduce the risk ? im quite noob on this i dont even know how to work on dockers for example

          • trankillity on 10/03/2022 - 10:33
            +1

            @CyberMurning: For Synology - Log into DSM, go to Control Panel, go to External Access, turn off QuickConnect and ensure that the rules in Router Configuration haven't been applied.

            That should ensure you cannot connect to your NAS externally. For bonus points, you can add specific deny firewall rules on your router - but that's on you to investigate as it's different for every router.

            • CyberMurning on 10/03/2022 - 22:22

              @trankillity: @trankillity i am trying now, do you mean go to control panel and:
              go to external access, disable DDNS support (i had one previously enabled) and go to routerconfig tab and disable/untick all
              go to quickconnect, disable quickconnect

  • dust on 09/03/2022 - 10:45

    So what did you do?

    • akd on 09/03/2022 - 10:53

      for hacked NAS, I contacted QNAP and they are helping to recover the files.
      For the future, I am seeking advice.

  • kiitos on 09/03/2022 - 11:25

    Another option is keeping a copy of the backups off-site yourself, eg at a family member's home. But it has drawbacks like not being current like a cloud backup can be.

  • bazingaa on 09/03/2022 - 11:43
    +2

    I still believe in backing up to good old optical media :D I backup most valuable files such as photos to 25 GB Verbatim BD-R + 2 copies in 2 external HDDs + 1 resized copy in Google Drive.

  • CtrlAltSpoods on 09/03/2022 - 11:58
    +2

    For number 3 - I have tackled this one by setting up a site-to-site VPN and keeping offsite backups.
    Each week it will re-upload the changes for that week.
    I also rotate 2 separate portable HDD's quarterly…

    The things you have to do to safely store data without some company claiming ownership of it..

  • CyberMurning on 09/03/2022 - 12:01

    so how the hack happened ? did you open the port so you can access from outside (ie when you are travelling or from office) ?
    did you disable username "admin" ?
    how complex is your admin password ?

    • akd on 09/03/2022 - 13:47

      The admin password was complex enough with all basic security requirements (but not too long of16 characters).
      My understanding of the hack reason is - A few weeks ago, I had issues syncing files from mobile to NAS. I reset the NAS settings to default and then changed back as many I could remember. Definitely, I forget some.
      I don't access the files outside the home - for some reason, I could never access them. At home with WiFI, I can access files on the mobile but never could access them outside on a mobile connection.

      • CyberMurning on 09/03/2022 - 15:55

        hmm that is strange, you dont enable access from internet (outside) but still get hacked.
        that is weird.. i dont think the default setting for any NAS is to enable the above.
        definitely not for Synology.

        yeah getting it accessible is not easy but i had managed to get it work but after few weeks i disable it as not wanting to take risk. it was fun, like i can initiate torrent download from office etc.

        alright next step is disable admin username and create new username make it as admin

  • Davo1111 on 09/03/2022 - 15:40

    you didnt update for a year?

    • akd on 09/03/2022 - 16:56

      I do update NAS as the notification comes. I was one step behind the latest update, although the Malware app was not working for some time.
      I accessed files almost daily. The issue started last week.

      • avoidfullprice on 09/03/2022 - 22:56

        The vulnerability you posted was dated April 2021. There has been multiple monthly updates released. Unsure what you meant by "one step behind"

        If installing the latest update is not enough, I have concerns.

        That said, does having multiple cloud accounts really solve your problem vs having an offline backup? Like not just to an ext hdd next to your qnap but have it physically kept elsewhere.

        • akd on 10/03/2022 - 08:41

          I checked with Qnap of the attack date and effect on me now. They mentioned that some of the old system were vunerable especially if the security is not strong enough. The main issue might be old and not working malware removal app.
          Either way, lessons learnt and I need to educate myself for more security and multiple backups.

          • Chandler on 10/03/2022 - 10:17
            +1

            @akd:

            The main issue might be old and not working malware removal app.
            Either way, lessons learnt

            Lesson learnt (in my opinion) is don't tie yourself to a product that won't be supported at some point in the future.

            QNAP will stop supporting/updating at some point. That may be because they close up shop; get purchased and the new owners don't want to continue supporting the product; they want to stop supporting older hardware; hell, the world could move on and "computers" become the new Betamax/VHS. Doesn't matter why really, you've now got a security vulnerability.

            • CyberMurning on 10/03/2022 - 10:28
              +1

              @Chandler: my syno (11 years old) has become not eligible to receive o/s update.
              they warned/announced before so i am fully aware. but it is working fine and im not sure if i can sell it for a decent price therefore still hesitant to upgrade

  • vbgr8 on 21/03/2022 - 10:22

    Hi @akd, Were you able to fix the issue yet? I've been hit by the same ransomware and can access my personal files as it asks for the password to extract all the infected files. Please reply should you be able to fix the issue.

    • akd on 21/03/2022 - 10:38

      Hi @vbgr8, I contacted the Qnap support team and they guided me through the process. They fixed the Malware Remover app and ran the QRescue tool to recover the files. The recovery process is still going on and may take days. The support team, although in Taiwan, is very helpful

      • vbgr8 on 21/03/2022 - 12:24

        I went through the same process. After the recovery process completed, they were only able to recover 65% of my data. I can't afford to loose rest of my data as it includes lot of personal files. Its hard to digest. Looking for some solutions here, if, somehow, I can get all of my data back.

        • akd on 21/03/2022 - 15:23

          I was also told the same thing - Not all the data can be recovered. I have some very important personal data and a lot of other files that are relatively less important. I have to wait and see. No idea what to do, if I miss important files recovery.

          • vbgr8 on 23/03/2022 - 16:43

            @akd: After researching from so many different resources, I've concluded that the data can't be recovered or the files can't be decrypted with any possible way.
            Moreover, what I've found that this intrusion is just a starting point. Please make sure that you add the proper security to your router (and NAS) otherwise it may effect the other devices connected to your network.
            Also, the files that QNAP support has recovered are the very small in size. eg. the photo files that were 7 or 8MB have been reduced down to 70 or so KB, which is not good at all. Not happy at all with QNAP.

            • akd on 23/03/2022 - 18:55

              @vbgr8: I am getting the same feeling. The data recovery process is too slow and mine will take more than a month.

              I was thinking to use cloud storage in future but that also can be non-reliable. After the suggestions and feedback, I will go to the old school method - multiple hard drives and manual backups.

              Another mistake that I made was that rather than copying the files on NAS from the hard drive, the files were syncing with NAS. So now my hard drive files are also corrupted.

    • CyberMurning on 21/03/2022 - 10:41

      Omg.. two users, same issue.. this looks scary….

      Yeah synology also from taiwan and they are very responsive and good, maybe better than some local companies

Login or Join to leave a comment
Login Join