Jump to content
  • QNAP patches zero-day used in new Deadbolt ransomware attacks

    alf9872000

    • 1 comment
    • 487 views
    • 3 minutes
     Share


    • 1 comment
    • 487 views
    • 3 minutes

    QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station.

     

    The company has patched the security flaw but attacks continue today.

     

    "QNAP® Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," explains the security notice.

     

    The attacks were widespread, with the ID Ransomware service seeing a surge in submissions on Saturday and Sunday.

     

    id-ransomware-deadbolt.jpg
    A surge in DeadBolt submissions to ID Ransomware - Source: BleepingComputer

    QNAP releases patches for a zero-day flaw

    QNAP released Photo Station security updates 12 hours after DeadBolt began using the zero-day vulnerability in attacks, urging NAS customers to immediately update Photo Station to the newest version.

    The following security updates fix the vulnerability:

    • QTS 5.0.1: Photo Station 6.1.2 and later
    • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
    • QTS 4.3.6: Photo Station 5.7.18 and later
    • QTS 4.3.3: Photo Station 5.4.15 and later
    • QTS 4.2.6: Photo Station 5.2.14 and later

     

    Alternatively, QNAP suggests users replace Photo Station with QuMagie, a safer photo storage management tool for QNAP NAS devices.

     

    “We strongly urge that their QNAP NAS should not be directly connected to the internet. We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service.” - QNAP.

     

    Applying the security updates will prevent the DeadBolt ransomware and other threat actors from exploiting the vulnerability and encrypting devices. However, NAS devices should never be publicly exposed to the Internet and instead placed behind a firewall.

     

    QNAP customers can find detailed instructions on applying the available updates and setting up myQNAPcloud in the security advisory.

     

    Finally, it is recommended to use strong passwords on all NAS user accounts and take regular snapshots to prevent data loss in the case of attacks.

    DeadBolt: the NAS ransomware bane

    The DeadBolt ransomware gang has been targeting NAS devices since January 2022, using an alleged zero-day vulnerability on Internet-exposed NAS devices.

     

    The ransomware operation conducted further attacks on QNAP devices in May and June 2022.

     

    DeadBolt%20ransom%20note%20and%20instruc
    DeadBolt ransom notes - Source: BleepingComputer
     

    Earlier in February, DeadBolt began targeting ASUSTOR NAS devices using a zero-day vulnerability they attempted to sell to the vendor for 7.5 Bitcoin.

     

    In most of these attacks, DeadBolt demanded a payment of just over a thousand USD from impacted users in exchange for a working decryptor.

     

    However, other NAS ransomware groups demand more significant amounts from their victims.

     

    The Checkmate ransomware targeted QNAP NAS products in July, demanding victims pay $15,000.

     

    Source: Bleeping Computer

    https://www.bleepingcomputer.com/news/security/qnap-patches-zero-day-used-in-new-deadbolt-ransomware-attacks/

    • Like 3

    User Feedback

    Recommended Comments



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...