Recent ransomware attacks against QNAP devices had caused great mayhem among end-users. In our talk, we’ll share our insights gained from public information regarding the vulnerability used by QLocker, how we performed analysis in the QNAP NAS ecosystem. and how we ended up with another new RCE. We then did more analysis on QNAP's enterprise offering, QSAN, and found 30+ CVEs in the process, some of them allowing overtaking QSAN in a similar way as QNAP NAS. Throughout our presentation, not only we'll talk about getting shells on NAS and SAN, but we'll also share our insights on how the devices can be further secured, advice for vendors for building secure systems, and finally, advice for both enterprise and ordinary end-use rs to secure the device.