Taiwanese network-attached storage (NAS) solutions provider QNAP Systems over the weekend issued a fresh warning of new Deadbolt ransomware attacks targeting its NAS users.
Initially spotted in January 2022, the Deadbolt ransomware appends the .deadbolt extension to the encrypted files, while also hijacking the NAS device’s login page, to prevent victims from accessing their files.
The new Deadbolt attacks were first seen on September 3, attempting to exploit a vulnerability in the Photo Station photo management application.
“QNAP Systems, Inc. today detected the security threat Deadbolt leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the internet,” the company announced on Saturday.
Over the weekend, the company also released a patched version of Photo Station to prevent further exploitation, urging users to update their installations as soon as possible.
QNAP says that patches for the exploited vulnerability were included in Photo Station versions 5.2.14 (for QTS 4.2.6), 5.4.15 (QTS 4.3.3), 5.7.18 (QTS 4.3.6), 6.0.22 (QTS 5.0.0/4.5.x), and 6.1.2 (QTS 5.0.1).
As an alternative, the manufacturer suggests that users may switch to QuMagie, another photo managing solution for QNAP NAS devices.
QNAP underlines that its NAS devices should not be directly connected to the internet.
“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” the company says.
Users are advised to update their QNAP devices to the most recent firmware release, update all applications running on those devices, use strong passwords, backup all of their data, and disable port forwarding on their routers.
Related: QNAP Patches Critical Vulnerability in Network Surveillance Products
Related: QNAP Warns NAS Users of DeadBolt Ransomware Attacks

More from Ionut Arghire
- Australian Man Sentenced for Scam Related to Optus Hack
- Chrome 110 Patches 15 Vulnerabilities
- Tor Network Under DDoS Pressure for 7 Months
- Russian Admits in US Court to Laundering Money for Ryuk Ransomware Gang
- Patient Information Compromised in Data Breach at San Diego Healthcare Provider
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- Vulnerability Provided Access to Toyota Supplier Management Network
- Linux Variant of Cl0p Ransomware Emerges
Latest News
- Minister: Cybercrimes Now 20% of Spain’s Registered Offenses
- Skybox Security Raises $50M, Hires New CEO
- Spies, Hackers, Informants: How China Snoops on the US
- Australian Man Sentenced for Scam Related to Optus Hack
- Chrome 110 Patches 15 Vulnerabilities
- Application Security Protection for the Masses
- Tor Network Under DDoS Pressure for 7 Months
- Siemens License Manager Vulnerabilities Allow ICS Hacking
