Muhstik Ransomware Security Warning
#1
Hi,

QNAP has published security advice to prevent this type of ransomware on our QNAP NAS devices, with special mention for those of you who use phpMyAdmin. We have already discussed it here on occasion. Never leave the default password in place.

https://www.qnap.com/es-es/security-advi...-201910-02

Security Advisory for Muhstik Ransomware
  • [b]Release date:[/b] October 4, 2019

  • [b]Security ID:[/b] NAS-201910-02

  • [b]Severity:[/b] High

  • [b]CVE identifier:[/b] N/A

  • [b]Affected products:[/b] QNAP NAS devices
Summary
The Muhstik ransomware is reportedly being used to target QNAP NAS devices. Devices using weak SQL server passwords and running phpMyAdmin may be more vulnerable to attacks.
We strongly recommend that users act immediately to protect their data from possible malware attacks.
If you have any questions regarding this issue, contact us through the QNAP Helpdesk.
Recommendation
To avoid attacks, you must:
  1. Use a stronger password for phpMyAdmin.

  2. Keep phpMyAdmin disabled whenever possible. Only enable this application when configuring settings.

  3. Update QTS to the latest version.

  4. Install and update Security Counselor to the latest version.

  5. Use a stronger admin password.

  6. Enable Network Access Protection to protect accounts from brute force attacks.

  7. Disable SSH and Telnet services if you are not using them.

  8. Avoid using default port numbers 443 and 8080.

  9. Update phpMyAdmin to the latest version.
Changing the password for phpMyAdmin
  1. Log on to QTS as administrator.

  2. Open the [b]App Center[/b], and then click the Search icon.
    A search box appears.

  3. Type “phpMyAdmin” and then press [b]ENTER[/b].
    The phpMyAdmin application appears in the search results list.

  4. Click [b]Open[/b].
    phpMyAdmin opens in a new tab.

  5. Log on to phpMyAdmin as [b]root[/b].

  6. Under [b]General settings[/b], click [b]Change password[/b].
    The [b]Change password[/b] window appears.

  7. Select [b]Password[/b].

  8. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times

  9. Verify the new password.
  10. Click [b]Go[/b].
    The password is changed.

Disabling phpMyAdmin

  1. Log on to QTS as administrator.
  2. Open the [b]App Center[/b], and then click the Search icon.
    A search box appears.

  3. Type “phpMyAdmin”, and then press [b]ENTER[/b].
    The phpMyAdmin application appears in the search results list.

  4. Click [b]V[/b] and then select [b]Stop[/b].
    The application is disabled.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to [b]Control Panel[/b] > [b]System[/b] > [b]Firmware Update[/b].
  3. Under [b]Live Update[/b], click [b]Check for Update[/b].
    QTS downloads and installs the latest available update.

Installing/Updating and running the latest version of Security Counselor

  1. Log on to QTS as administrator.
  2. Open the [b]App Center[/b], and then click the Search icon.
    A search box appears.

  3. Type “Security Counselor”, and then press [b]ENTER[/b].
    The Security Counselor application appears in the search results list.

  4. Click [b]Install[/b] or [b]Update[/b].
    A confirmation message appears.

  5. Click [b]OK[/b].
    The application is installed or updated to the latest version.

  6. Open [b]Security Counselor[/b].
  7. Click [b]Start Scan[/b].
    Security Counselor scans the NAS for rules.

Changing the Device Password

  1. Log on to QTS as administrator.
  2. Click the profile picture on the QTS Task Bar.
    The Options window opens.

  3. Click [b]Change Password[/b].
  4. Specify the old password.
  5. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  6. Verify the new password.
  7. Click [b]Apply[/b].

Enabling Network Access Protection

  1. Log on to QTS as administrator.
  2. Go to [b]Control Panel[/b] > [b]System[/b] > [b]Security[/b] > [b]Network Access Protection[/b].
  3. Configure SSH protection.

    1. Select [b]SSH[/b].
    2. Specify a time period and the number of failed login attempts.
  4. Configure HTTP(S) protection.

    1. Select [b]HTTP(S)[/b].
    2. Specify a time period and the number of failed login attempts.
  5. Click [b]Apply[/b].

Disabling SSH and Telnet Connections

  1. Log on to QTS as administrator.
  2. Go to [b]Control Panel[/b] > [b]Network & File Services[/b] > [b]Telnet/SSH[/b].
  3. Deselect [b]Allow Telnet connection[/b].
  4. Deselect [b]Allow SSH connection[/b].
  5. Click [b]Apply[/b].

Changing the System Port Number

  1. Log on to QTS as administrator.
  2. Go to [b]Control Panel[/b] > [b]System[/b] > [b]General Settings[/b] > [b]System Administration[/b].
  3. Specify a new system port number.
    [b]Warning:[/b] Do not use 443 or 8080.

  4. Click [b]Apply[/b].

Changing the SQL Server default password

  1. Log on to QTS as administrator.
  2. Go to [b]Control Panel[/b] > [b]Applications[/b] > [b]SQL Server[/b] > [b]Change Root Password[/b].
  3. Specify a new root password.
    [b]Warning:[/b] Do not use default or a simple password.

  4. Click [b]Apply[/b].

Updating phpMyAdmin to the latest version.

  1. Log on to QTS as administrator.
  2. Open the [b]App Center[/b], and then click the Search icon.
    A search box appears.

  3. Type “phpMyAdmin”, and then press [b]ENTER[/b].
    The phpMyAdmin application appears in the search results list.

  4. Click [b]Update[/b].
    A confirmation message appears.
    [b]Note[/b]: This option is not available if your application is already up to date.

  5. Click [b]OK[/b].
    The application is updated to the latest version.

Regards,
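A way to confirm that recommendations 7 and 8 of the advisory above actually took effect, as an added example that is not part of the QNAP advisory or the original post: run it from another machine on your own network against your own NAS and it reports which of ports 22, 23, 443 and 8080 still accept TCP connections. The function names and the localhost default target are assumptions of this example.

```python
import socket
import sys

# Ports the advisory tells you to close or move away from, with the
# recommendation each one maps to (numbering follows the advisory's list).
ADVISORY_PORTS = {
    22: "SSH still accepts connections (recommendation 7)",
    23: "Telnet still accepts connections (recommendation 7)",
    443: "a service still listens on default port 443 (recommendation 8)",
    8080: "a service still listens on default port 8080 (recommendation 8)",
}


def port_is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out) or unreachable: nothing answers there.
        return False


def audit(host, ports=ADVISORY_PORTS, timeout=2.0):
    """Return (port, finding) for every advisory port that is still reachable."""
    return [(port, why) for port, why in sorted(ports.items())
            if port_is_open(host, port, timeout)]


if __name__ == "__main__":
    # The target is an assumption: pass your own NAS address as the first
    # argument; without one the script checks localhost.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    findings = audit(target)
    for port, why in findings:
        print(f"{target}:{port} - {why}")
    if not findings:
        print("OK: none of the advisory ports answer")
    sys.exit(1 if findings else 0)
```

A filtered port (connection times out) is reported the same as a closed one, so run the check from the network segment you care about, for example from outside the router as well as from the LAN.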
#2
Thanks for the information.
Regards
#3
I'll take a look, thanks for the info.
#4
Can anyone post how to recover files that have been encrypted by the Muhstik virus??? I have a QNAP TS-451+ and I would like to try to recover the information I have on it.
Thanks
#5
Hi,

Here you go: https://www.bleepingcomputer.com/forums/...try4882035

Regards
#6
Hi

I've read a bit about Tobias Frömel's story, and he has provided the keys for how to undo the mess and the program (console-based).

Unfortunately, he paid €670 for the ransom of his data.
In his notes he gives his wallet address in case anyone wants to send him a small payment “1JrwK1hpNXHVebByLD2te4E2KzxyMnvhb”

I think that if any of us has to use his solution, it is only fair to make him a small payment for his great and selfless work.

You can read more at https://pastebin.com/N8ahWBni

Regards

Goodbye and take care

Mon (TS-469Pro, TVS-673, QBoat Sunny and TS-453Be)
Regards

Goodbye and take care

Ganekogorta (TS-469Pro, TVS-673e, QBoat Sunny, TS-453Be, TR-002 and QHora-301w) Ʀɐɯ0η