Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

QNAP Warns of New ‘Deadbolt’ Ransomware Attacks Targeting NAS Users

Taiwanese network-attached storage (NAS) solutions provider QNAP Systems over the weekend issued a fresh warning of new Deadbolt ransomware attacks targeting its NAS users.

Taiwanese network-attached storage (NAS) solutions provider QNAP Systems over the weekend issued a fresh warning of new Deadbolt ransomware attacks targeting its NAS users.

Initially spotted in January 2022, the Deadbolt ransomware appends the .deadbolt extension to the encrypted files, while also hijacking the NAS device’s login page, to prevent victims from accessing their files.

The new Deadbolt attacks were first seen on September 3, attempting to exploit a vulnerability in the Photo Station photo management application.

“QNAP Systems, Inc. today detected the security threat Deadbolt leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the internet,” the company announced on Saturday.

Over the weekend, the company also released a patched version of Photo Station to prevent further exploitation, urging users to update their installations as soon as possible.

QNAP says that patches for the exploited vulnerability were included in Photo Station versions 5.2.14 (for QTS 4.2.6), 5.4.15 (QTS 4.3.3), 5.7.18 (QTS 4.3.6), 6.0.22 (QTS 5.0.0/4.5.x), and 6.1.2 (QTS 5.0.1).

As an alternative, the manufacturer suggests that users may switch to QuMagie, another photo managing solution for QNAP NAS devices.

QNAP underlines that its NAS devices should not be directly connected to the internet.

“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” the company says.

Users are advised to update their QNAP devices to the most recent firmware release, update all applications running on those devices, use strong passwords, backup all of their data, and disable port forwarding on their routers.

Related: QNAP Patches Critical Vulnerability in Network Surveillance Products

Related: QNAP Warns NAS Users of DeadBolt Ransomware Attacks

Related:Raspberry Robin’ Windows Worm Abuses QNAP Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.