What should I do when found nas is encrypting my files by 7z?
Applied models:
- All NAS Series
Applied Firmware:
-
All QTS Firmware Versions
We believe that the attack is related to CVE-2020-36195 and CVE-2021-28799:
https://www.qnap.com/en/security-advisory/qsa-21-11
https://www.qnap.com/en/security-advisory/qsa-21-13
We strongly recommended updating your NAS Firmware, Malware Remover, Multimedia Console, HBS3 Hybrid Backup Sync and Media Streaming Add-on to the latest version, as well as changing the default web port 8080 (And please do not reboot or shutdown the NAS). If you are using legacy models with firmware version 4.2.6 and HBS2, they would not be affected by the above attack.
If your data have been encrypted, you may follow the instructions below to attempt recovery of encrypted files:
Manually Install QRescue to recover Qlocker-encrypted files on QNAP NAS
