Image by Michael Schwarzenberger from Pixabay

오늘도 기업용 NAS를 검토한다.

고객님께서 말씀하시길,
기존에 큐냅 나스를 사용하고 있었는데 이번에 랜섬웨어에 감염되어 데이터를 못 쓰게 되었다고 한다.
그래서 시놀로지로 제품을 바꾸고 기존 큐냅은 외부 접속이 안 되는 백업용으로 쓰시겠다고 하신다.

큐냅을 타켓으로 한 특정 랜섬웨어가 유행하고 있다는 것은 알고 있었다.
큐냅에서 메일을 보내주어 미리 업데이트 및 패키지 교체를 할 수 있도록 알려 주었고
업데이트를 진행했다.
다행히 내가 관리하고 있는 나스들은 문제가 없는 상태이다.

고객님께서 생각하고 있는 나스 모델(DS920+)을 알려주시어
해당 제품과 함께 더 좋은, 유용한 제품은 없는지 확인하고 알려드릴 예정이다.

검토해 보면 할수록 DS920+는 참으로 가성비가 좋은 제품이다.
물론 업체에서 대중적인 용도로 가성비가 좋은 제품으로 출시했기에 그럴 것이다.
더불어 시놀로지 나스 OS가 대중에게 낯설지 않고 많은 정보를 얻을 수 있다는 장점이 있다.

반면 넷기어 제품의 경우 자체 VPN을 통한 인터넷으로 폴더를 공유할 수 있다는 큰 장점이 있지만,
OS 및 사용 자체가 일반적인 사용자에게는 많이 낯설고, 정보도 부족하고, 
정보는 오직 넷기어 커뮤니티에서 영어로 된 정보만 얻을 수 있다.
넷기어 홈페이지를 통해 나스에 대한 질문을 남겼는데, 아직도 답변이나 연락을 받지 못했다.

전자제품은 확실히 비싼 것이 좋음은 말할 필요가 없는 것 같다.
RN524X 제품은 좋은 성능을 보여줄 것 같지만 가격은 많이 부담스럽다.

고객님께 안내드리고, 어떤 선택을 하실지 들어봐야겠다.

#기업용NAS #NAS검토 #qnap #synology #netgear #랜섬웨어 #DS920+ #큐냅 #시놀로지 #넷기어

4월 23일 QNAP으로부터 비정기 메일이 도착했다.

제목:

Response to Qlocker Ransomware Attacks: Take Actions to Secure QNAP NAS

내용을 보니 큐냅 나스를 공격하는 랜섬웨어가 발생했고 피해를 방지하기 위해서 즉시 조치를 취하라는 내용이었다.

• Malware Remover 최신으로 설치 검사
• Multimedia Console 업데이트
• Media Streaming Add-on 업데이트
• Hybrid Backup Sync 업데이트
• 어려운 비밀번호로 변경
• 기본 8080 관리포트 변경

등의 조치 내용이 담겨있었다.

바로 관리하고 있는 큐냅 나스들의 업데이트를 진행했다.

아래는 큐냅에서 온 메일의 전문이다.
큐냅 사이트에서 확인가능하다. (여기)

2021-04-22

Response to Qlocker Ransomware Attacks: Take Actions to Secure QNAP NAS

Taipei, Taiwan, April 22, 2021 – QNAP® Systems, Inc. (QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users’ data for ransom. QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP is urgently working on a solution to remove malware from infected devices.

QNAP has released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack. If user data is encrypted or being encrypted, the NAS must not be shut down. Users should run a malware scan with the latest Malware Remover version immediately, and then contact QNAP Technical Support at https://service.qnap.com/.

For unaffected users , it's recommended to immediately install the latest Malware Remover version and run a malware scan as a precautionary measure. All user should update their passwords to stronger ones, and the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version. Additionally, users are advised to modify the default network port 8080 for accessing the NAS operating interface. Steps to perform the operation can be found in the information security best practice offered by QNAP (https://qnap.to/3daz2n). The data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security.

For details, please refer to the QNAP security advisory QSA-21-11 (https://qnap.to/3eq7hy) and QSA-21-13 (https://qnap.to/3dygse).

QNAP Product Security Incident Response Team (PSIRT) constantly monitors the latest intelligence to deliver up-to-date information and software updates, ensuring data security for users. Once again, QNAP urges users to take the above-mentioned actions and periodically check/install product software updates to keep their devices away from malicious influences. QNAP also provides the best practice for improving personal and organizational information security. By working together to fight against cybersecurity threats, we make the Internet a safer place for everyone.

About QNAP Systems, Inc.

QNAP (Quality Network Appliance Provider) is devoted to providing comprehensive solutions in software development, hardware design and in-house manufacturing. Focusing on storage, networking and smart video innovations, QNAP now introduce a revolutionary Cloud NAS solution that joins our cutting-edge subscription-based software and diversified service channel ecosystem. QNAP envisions NAS as being more than simple storage and has created a cloud-based networking infrastructure for users to host and develop artificial intelligence analysis, edge computing and data integration on their QNAP solutions.

Media Contacts

marketing@qnap.com