Taiwanese network-attached storage (NAS) solutions provider QNAP Systems over the weekend issued a fresh warning of new Deadbolt ransomware attacks targeting its NAS users.
Initially spotted in January 2022, the Deadbolt ransomware appends the .deadbolt extension to the encrypted files, while also hijacking the NAS device’s login page, to prevent victims from accessing their files.
The new Deadbolt attacks were first seen on September 3, attempting to exploit a vulnerability in the Photo Station photo management application.
“QNAP Systems, Inc. today detected the security threat Deadbolt leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the internet,” the company announced on Saturday.
Over the weekend, the company also released a patched version of Photo Station to prevent further exploitation, urging users to update their installations as soon as possible.
QNAP says that patches for the exploited vulnerability were included in Photo Station versions 5.2.14 (for QTS 4.2.6), 5.4.15 (QTS 4.3.3), 5.7.18 (QTS 4.3.6), 6.0.22 (QTS 5.0.0/4.5.x), and 6.1.2 (QTS 5.0.1).
As an alternative, the manufacturer suggests that users may switch to QuMagie, another photo managing solution for QNAP NAS devices.
QNAP underlines that its NAS devices should not be directly connected to the internet.
“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” the company says.
Users are advised to update their QNAP devices to the most recent firmware release, update all applications running on those devices, use strong passwords, backup all of their data, and disable port forwarding on their routers.
Related: QNAP Patches Critical Vulnerability in Network Surveillance Products
Related: QNAP Warns NAS Users of DeadBolt Ransomware Attacks
Related: ‘Raspberry Robin’ Windows Worm Abuses QNAP Devices
More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
