{"id":870,"date":"2019-11-25T16:26:19","date_gmt":"2019-11-25T16:26:19","guid":{"rendered":"https:\/\/gmt-solutions.co.uk\/V2\/?p=870"},"modified":"2024-01-05T13:01:54","modified_gmt":"2024-01-05T13:01:54","slug":"qnap-security-alert","status":"publish","type":"post","link":"https:\/\/gmt-solutions.co.uk\/V2\/qnap-security-alert\/","title":{"rendered":"QNAP Security Alert"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"870\" class=\"elementor elementor-870\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1dbc67e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1dbc67e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ad6c676\" data-id=\"ad6c676\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-03ed5bf elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"03ed5bf\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-66 elementor-inner-column elementor-element elementor-element-d9589e0\" data-id=\"d9589e0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-35735bc elementor-widget elementor-widget-image\" data-id=\"35735bc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/gmt-solutions.co.uk\/V2\/wp-content\/uploads\/2019\/11\/149_1.png\" title=\"\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-09ca99a\" data-id=\"09ca99a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1d6ba4f elementor-widget elementor-widget-text-editor\" data-id=\"1d6ba4f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4>We&#8217;ve got many clients with QNAP NAS servers (Network Attached Storage) &#8211; if this applies to you, then please read on, for an important security update.<\/h4>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-37143b0 elementor-widget elementor-widget-text-editor\" data-id=\"37143b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>We have been actively protecting our clients&#8217; servers from virus and malware attacks over the last two weeks.\u00a0 The first news regarding a virus specifically targeting QNAPs came during the first weekend of November, and there have been multiple subsequent warnings.\u00a0\u00a0 The virus called QSnatch is designed to steal user logins and passwords, amend scheduled tasks (such as backups and virus scans), prevent security updates and virus scans.\u00a0 In short, this puts your business data at risk \u2013 and now that one virus has been developed to target QNAPs, you can be sure that more will follow.<\/p><p>As we received the warning out of business hours, Graham took the decision to update all the QNAP servers that we have access to, to protect them.\u00a0 The updates we made were to:<\/p><ul><li>Turn off the default \u201cadmin\u201d login<\/li><li>Set up a GMT administrative login with dual factor authentication (password plus phone code)<\/li><li>Install malware protection (free QNAP utility)<\/li><li>Turn off unused services such as FTP, SSH and VPN (will vary per client)<\/li><\/ul><p>In addition to these changes, we also ran anti-virus and anti-malware scans to check the systems were clean, and updated all the system firmware and applications.\u00a0 The latest QNAP firmware is specifically designed to protect against the QSnatch virus.<\/p><p>Over the last two weeks there have been three of these firmware updates, which each require rebooting the server, checking any backup has completed, and then installing the update which then requires a second reboot.\u00a0 All of these changes have been done outside office hours, to ensure your access to your files has not been interrupted.\u00a0 Each server takes 30 minutes to complete the above system and application updates \u2013 so far this month, it has taken around 2 hours per server.\u00a0 Up until now, we have done this as part of your QNAP backup plan or IT support contract.\u00a0 Unfortunately, as updates are getting more frequent and complex, we cannot afford to continue this as effectively unpaid work.<\/p><p>If you have a QNAP backup contract with us, this provides you with rented storage space on our servers, for your QNAP server to back up to.\u00a0 It also includes a monthly check that the backup has completed according to the QNAP logs.\u00a0 It does not include software updates, virus-checking of the server, individual file level backup testing, restoring of files or guarantee against loss or corruption of files (e.g. if a file is corrupted on your server, the backed up copy on our server will also be corrupted).<\/p><p>We are now offering a QNAP management service, which includes a weekly check of system and firmware updates, and a virus and malware check, for \u00a320 per month plus VAT \u2013 that\u2019s just \u00a35 per week.\u00a0 All updates will be tested on our own QNAP servers prior to being rolled out to clients, to ensure they do not cause any problems.<\/p><p>If you don\u2019t currently have a QNAP backup contract, this is available for \u00a310 per month plus VAT (payable 6-monthly or yearly, or monthly if the backup and management services are taken together).<\/p><p>Alternatively, we can train up to two people in your company how to check and update your server.\u00a0 This will be a one off cost of \u00a350 + VAT for the training session including two remote support calls.<\/p><p>If you have any questions, please do <a href=\"https:\/\/gmt-solutions.co.uk\/V2\/contact\/\">let us know<\/a>.\u00a0 If you would like to read more about the QNAP viruses, please see these websites:<\/p><p><a href=\"https:\/\/www.zdnet.com\/article\/thousands-of-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.zdnet.com\/article\/thousands-of-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware\/<\/a><\/p><p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-warns-users-to-secure-devices-against-qsnatch-malware\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-warns-users-to-secure-devices-against-qsnatch-malware\/<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>We&#8217;ve got many clients with QNAP NAS servers (Network Attached Storage) &#8211; if this applies to you, then please read on, for an important security update. We have been actively protecting our clients&#8217; servers from virus and malware attacks over the last two weeks.\u00a0 The first news regarding a virus specifically targeting QNAPs came during [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,52],"tags":[],"class_list":["post-870","post","type-post","status-publish","format-standard","hentry","category-security","category-servers"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/posts\/870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/comments?post=870"}],"version-history":[{"count":0,"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/posts\/870\/revisions"}],"wp:attachment":[{"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/media?parent=870"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/categories?post=870"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gmt-solutions.co.uk\/V2\/wp-json\/wp\/v2\/tags?post=870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}