Malware targeting Network Attached Storage by QNAP

The National Cyber Security Centre have published a joint Alert with their counterparts the CISA in the USA about the potential legacy risk from malware targeting QNAP Network attached storage (NAS) devices.

The alert is around the strain of malware called QSnatch (also known as ‘Derek’). Attackers used this in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP

All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe.

Once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

To read the full article from NCSC click here

To review the advisory from QNAP on how to patch your devices and what to do if your device has been infected click here


Has your device been infected and does it hold personal information?

Remember that under GDPR you may need to report any data breaches. Follow your company policies and/or seek advice immediately.

You only have 72 hours from identifying an issue to reporting it to the Information Commissioners Office (ICO)

For support with this or any other IT related issues you may have get in touch or have a look at our offer