NAS Madness! Qnap Qlocker Ransomware, Synology BTRFS Controversy and Protecting Yourself!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey everybody it's lanzai but it's time once again for your weekly wrap-up and this week we're going to talk about nascarvation or aggravation about network attached storage devices there was some big stories in the nas world over the last two weeks uh one involved qnap and ransomware and another involves synology that some say might be ransomware coming from the company let's get to it [Music] now in case you don't know what a nas is it is short for a network attached storage and a lot of consumers have been getting interested in these devices because we're all generating gigabytes of content even if it's just family photos and videos and people are looking for ways to store that stuff and one of these things can really do that quite well you plug it into your network and in many cases they replicate a lot of what you would get from a cloud service provider including all of the different apps that different providers offer without having to spend a monthly fee you got to pay up front and then you've got this thing working the problem is is that by default many of these devices connect themselves to the internet automatically and that creates a lot of vulnerabilities if you're not keeping an eye on things and the most recent example of this is the q locker ransomware attack that was going all over the globe over the last couple of weeks and what this does is it looks for qnap devices that are accessible on the internet and then it actually just uses a vulnerability to encrypt your files with the built-in 7zip archive utility so they generate a crazy password that's impossible to guess they encrypt everything and then they want money to unlock the files and qnap being one of the largest nas providers in the world has a lot of targets out there so when people are looking at designing these kinds of ransomware attacks they're going to look for something that they can hit a lot of devices all at once with and there were many many victims many of whom were surprised to be hit with it now one of the victims of this was a youtuber named tfi and he lost about eight terabytes of data to this attack including some things that were really important to him personally like some family photos and videos and whatnot and it shows you the risks that you have with one of these things if you're not really paying attention to what it is doing on your network because for the most part they really encourage you to get this thing accessible to the outside world qnap uses something called my qnap cloud that will work with your router's upnp features to basically poke holes in your firewall so that you can get at your qnap device when you're away from home and i think there are some things that it does by default even outside of qnap cloud that enable those upnp features we'll talk more about disabling those features in a minute on the synology side when you're setting up the nas device one of the steps is to enable their version of this called quick connect and they just encourage you to create this account and get everything set up and create your quick connect id so you can very easily get at your nas device when you're away from home and if you don't want to do that they have this link down here that is basically the same color as the background that you can use to skip that step and i would strongly encourage all of you to skip that step because once these things are available to the world if there is an exploit that's discovered you're going to be a target almost immediately because again hackers look for widely distributed devices to get the best bang for their buck now my big concern with these features is that the nas manufacturers really are not communicating the risks to the user when they enable them nor are they guiding them into something that might be more complicated like a vpn but will be more secure for the user and i think what's happening here is that they're advertising all of these cool features that put these products on par with a cloud service but in order to get those to work you got to punch holes in the router and rather than have the user go through the process of understanding what they're about to do they just punch all those holes in there so the apps will work and i think that's the track that they've kind of led users down which opens the door to this kind of malware taking hold and this is not the first time this has happened about a year or two ago qnap got hit with another piece of malware which was actually more sinister than this one called cue snatch check out that zd net article to read all about what it does but it would actually install software and make it so you couldn't get the malware off the device without wiping it out it got so bad that federal authorities here in the u.s got involved along with their counterparts in the uk so definitely check that article out and synology's had some issues too recently around the same time synology devices were getting hit with ransomware uh synology at that point didn't believe there was any vulnerability here beyond the fact that their devices were findable when hackers were doing these broad scans of the internet and believe it or not it doesn't take long to scan the whole internet these days especially if you have a botnet looking for open ports and when they found a synology device probably through one of these quick connect addresses they were going into those devices using the admin username and then trying to guess the password with brute force so around this time a lot of people saw a lot of attempted and failed logins as this hacking group was attempting different passwords and in many cases a consumer setting this up might just use a very weak password along with the admin username and then the malware got installed now all that said these nas devices can be very useful in a variety of different scenarios i use them all the time i like them because they're reliable they're relatively stable they don't consume all that much power and i have a lot of storage that i have on my network that stores all the important stuff that i need to get my work done but there are some things that you really need to pay attention to to make sure that all that data doesn't get compromised and the most important thing is to make your nas invisible to the internet now this will make accessing your nas remotely less convenient especially if you have a number of users getting into it but at the same time losing all of your data is going to be far more of an inconvenience than having to come up with some alternative scenarios for getting at your data so that's priority one here is to get that invisibility going i pulled this down from the qnap support pages about how to disable qnap cloud you might want to dive into it a little bit further to get more details about some of the other dials you might need to spin to completely disable everything on the synology side they have an option here for disabling quick connect as you can see i've got mine disabled right now on mine and then you got to go over to your router and disable upnp and any port forwarding that you might have set up to your nas that isn't necessarily needed for all the things that you're trying to do outside of your home or office and when you disable upnp this might create some issues for other devices that you have on your network but the reason why i always recommend disabling it is that upnp essentially allows your router to open up holes that expose your stuff to the internet without your direct intervention when these things boot up they see if the router has upnp if it does it says okay hey open up all these different ports for me and then anyone scanning the net is going to find whatever is on the other end of that port and cause some exploits to happen so again we're giving up some convenience here but i think it's important so that you can gain control over what gets in to your network from the outside this is what it looks like on my ubiquity router everyone's router has some different setting but they generally all call it the same thing upnp and many routers out there have this enabled by default now you ask how will i get to my stuff from the outside well the best way to get at it from the outside is to use a vpn and this gets confusing because you hear all of these vpn services advertising to you all the time this is different this is having a vpn running in your office or home i have mine running on the router itself and that's often the best way to get it enabled if you have that feature on your router a lot of the higher end routers these days have that if you don't have a vpn running on your router there are a lot of ways to get one running in your home one of the easiest ways believe it or not is to use a raspberry pi i did a whole video tutorial on that and actually some of these nas devices actually have a vpn server built in that might be worth looking at but i think having a separate device is probably the best way to go and this is something that you'll connect to when you're on the road and when you get into your vpn your nas is available at its local ip address but anyone else scanning the web is not going to see your nas device unless they have your password and your certificate and your username for your vpn which of course is highly unlikely so use a vpn that's going to keep everything off the net but still give you the ability to access things remotely now the next suggestion is to create an admin account on your nas device that is not called admin come up with some other username and use a secure password with that username that you're not using anywhere else why because if the default is admin and someone is trying to brute force their way into your nas they're going to know half of what they need to know to log into it so get rid of admin come up with some other username give them full administrative access and then again use a secure password that is very hard to guess next check for updates and do that frequently it looks like qnap had started updating their nas devices right when this malware attack began and a lot of people didn't get the update automatically now when i set up my synology nas here it was setting a schedule for when it would install updates as they came down i think this might have been what it had on the default when i first got it going i would suggest having it look every night at a time that's convenient for you maybe two or three in the morning when you're sleeping or something just to make sure you don't miss an update especially if some zero day comes out but i found it's often useful to go in and check to make sure it's on the most recent version anyhow because on a few occasions i've logged in and found that it never installed the update automatically because some app wasn't yet updated so i had to go in and do all that myself so i would maybe add it to your to-do list maybe once a week to go in and check and make sure that it is getting all of its updates in automatically because you never know when those auto updates will fail now like every precautionary security thing there will be inconveniences and in this case what can happen is that when the nas updates its operating system it might disable an application that was working on it prior to that update it's happened to me a few times you do have to keep on top of this stuff but again i'd much rather deal with that than have somebody log into my nas and encrypt all my files or worse so again inconvenience and security are always in some degree of imbalance there now there are also things that can happen when these updates come down including sometimes ransomware from the manufacturer itself now let me show you what happened here with synology recently so synology has a file system called btrfs it's an advanced file system that allows you to take snapshots of specific directories so that let's say ransomware comes onto your system you can just roll back to a prior snapshot before everything got encrypted it's pretty cool how it works but it only works on their higher end intel based nas devices i think the lowest priced one is around four or five hundred bucks and what happened is that some folks were on the low end of the intel line and maybe upgraded to a multi-drive arm-based nas that doesn't support bt rfs but synology allowed these people to migrate from the old device to the new one without any error messages or warnings or anything else it continued to allow bt rfs to work on a device that says it doesn't support bt rfs and that was until they pushed an update down that for many people got installed automatically and when these folks came back to their nas to grab a file they saw that there was no data available because they basically said this device doesn't support bt rfs even though it did a week ago it doesn't now and you got to go buy a new one in order to be able to get at your data again by putting those drives into the new device and one of the great features of synology is how easy you can migrate from one device to the other just by putting the drives in basically and that was something that should have been told to the user when they did the migration not a few months or years after they did that and this is the response from synology as to what you can do about it basically go out and buy another one that supports it or you won't get your data back not cool you can check the link down below and get a little bit of feedback from the users that are currently dealing with this problem so the big question here is whether or not this is worth the aggravation now for someone like me and likely you watching it probably is worth the aggravation because again these are really useful storage appliances that can really help a workflow if installed and used properly now i get calls from friends all the time though looking for solutions for their photos and videos of the family that are accumulating they're using external hard drives they got data all over the place and they're trying to consolidate into something that's easier and there was a time where nas might have made a lot of sense there but the problem is is that the use case that they're after is something that is requiring external access maybe the family wants to get into the album maybe they want to show pictures of the kids when they're on the playground or something all of those things where you've got to get in from the outside opens the door for what we've been talking about here and potentially damaging very important memories without backups now if you look at what the cost of one of these things are here's the entry-level synology nas the 220 j with two hard drives at two terabytes to get the mirrored data redundancy on there you're looking at 310 dollars and that doesn't account for having to maintain a proper backup and having some additional things to make that backup happen now if you look at what a cloud service costs you with the same capacity it actually is very competitive because for a third of that price you can get a whole year on google with two terabytes of storage they've got a great photo manager through google photos with some crazy scary search capabilities on it you get all the other google stuff including the google drive as part of your deal there and i'm pretty sure you can bring in the whole family under that plan as well and you don't have to deal with it you don't have to manage the security the it's relatively secure provided your passwords are up to date and you've got two-factor authentication on there and it's somebody else's problem to keep all of that stuff running right and then your family can also get in and do whatever you want them to do within those applications apple has a pretty good deal with their icloud storage i pay 10 bucks a month for 2 terabytes that not only gives me storage but it also allows my family to make use of it as well so i'm backing up about 700 or 800 gigabytes of photos and videos to icloud and then my wife's phone and ipad are backed up there along with the kids ipads it all just goes in there and it just works and it's very tightly integrated with the rest of the apple devices we own if you have an amazon prime account you get access to their photo storage for free right now and they don't limit what you put into it based on file size you have to pay for video storage but full resolution photos with a prime account are free and they've got a pretty good photo album there as well flickr actually looks pretty reasonable too five bucks a month unlimited storage i don't think they store video on flickr but still a pretty competitive option there if you're looking for safe and secure photo storage again you're putting your stuff somewhere else you have to trust that the company's still going to be there yada yada but i think there are some things to consider here especially given that you can pay 300 bucks up front or pay less than that and get a pretty good service that will give you the security and convenience that you're looking for now you could argue there are some cost savings with going with the nas because you pay 300 bucks one time and it's yours versus 100 or 120 dollars a year but at the same time the nas starts to have maintenance issues when you get into the third or fourth year related to drive replacement and everything else the nas we were just looking at has a two year warranty so if it dies in the two and a half year mark you're going to have to get a whole new one so you know at the end of the day it kind of balances out and many of these cloud services do offer you ways to secure a local backup to what you're also uploading to the cloud that again might be easier for the average consumer to manage but still if you want to own and control your data there's nothing better than a nas and i often recommend to my techie friends to consider one but when i start talking about some of these caveats and security issues with friends that are not as tech savvy they often decide to go the cloud route and for many people it's usually a click of a button on a phone and their problem is solved and they can solve it for around what they would pay to roll their own now this week's wrap-up is being brought to you by all of you we had some super chatters who contributed during a recent live stream they include zam desert and tim shadler we also have some new supporters on the channel including larry smith and carl harada who gave via the donor box page david bird and chris sterner contributed via patreon and juan tolino contributed via the youtube membership program i want to thank everyone for their support of this channel this week and everyone who's been contributing on an ongoing basis and all of you who just watch on a regular basis too because all of those things are important and they all contribute to the growth of the channels i want to thank everyone for their support and if you want to support the channel you can you can go to lawn dot tv support and make a monthly or a one-time contribution as you heard we support patreon the youtube membership program my donor box page and we support float plane which is the linus tech tips platform which i've been enjoying being a part of we have other channels you can find me on listed here including my live streams that you can see on the link on screen there and if you go to that link it will take you to my amazon live stream page where you can follow me and i found that they are a little better with their notifications than youtube can be so if you want to get notified whenever we pop on live i typically come on randomly in the afternoon definitely give me a follow over there you can follow me on other places too including our facebook group we have our email list at london.tv email which is very infrequent i only email if we've got something big coming up and then we have my store where i sell previously reviewed items that i purchased and you're going to be buying the item that we actually reviewed here on the table and if you want to get alerted when those items go up because there's only one of everything you can sign up for my email alert at lawn dot tv store alert and that is going to do it for this week's weekly wrap-up thank you all for your continued support i would love to hear your thoughts on today's topic down in the comments section i'm sure we'll have a lot of opinions on that and until next time this is lon simon thanks for watching this channel is brought to you by theland.tv supporters including gold level supporters chris allegretta tom albrecht jim callagher hot sauce and video games and brian parker if you want to help the channel you can by contributing as little as a dollar a month head over to lawn dot tv support to learn more and don't forget to subscribe visit lawn dot tv s

Info

Channel: Lon.TV

Views: 29,009

Rating: undefined out of 5

Keywords: NAS, Qnap, Qlocker, ransomware, Synology, BTRFS, controversy, network attached storage, cloud storage, Lon Seidman, Lon Reviews Tech, Lon.TV

Id: LiegbTlC_Nc

Channel Id: undefined

Length: 21min 19sec (1279 seconds)

Published: Mon May 24 2021