Connect with us

Hi, what are you looking for?


Malware & Threats

QNAP Warns of New ‘Deadbolt’ Ransomware Attacks Targeting NAS Users

Taiwanese network-attached storage (NAS) solutions provider QNAP Systems over the weekend issued a fresh warning of new Deadbolt ransomware attacks targeting its NAS users.

Taiwanese network-attached storage (NAS) solutions provider QNAP Systems over the weekend issued a fresh warning of new Deadbolt ransomware attacks targeting its NAS users.

Initially spotted in January 2022, the Deadbolt ransomware appends the .deadbolt extension to the encrypted files, while also hijacking the NAS device’s login page, to prevent victims from accessing their files.

The new Deadbolt attacks were first seen on September 3, attempting to exploit a vulnerability in the Photo Station photo management application.

“QNAP Systems, Inc. today detected the security threat Deadbolt leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the internet,” the company announced on Saturday.

Over the weekend, the company also released a patched version of Photo Station to prevent further exploitation, urging users to update their installations as soon as possible.

QNAP says that patches for the exploited vulnerability were included in Photo Station versions 5.2.14 (for QTS 4.2.6), 5.4.15 (QTS 4.3.3), 5.7.18 (QTS 4.3.6), 6.0.22 (QTS 5.0.0/4.5.x), and 6.1.2 (QTS 5.0.1).

As an alternative, the manufacturer suggests that users may switch to QuMagie, another photo managing solution for QNAP NAS devices.

Advertisement. Scroll to continue reading.

QNAP underlines that its NAS devices should not be directly connected to the internet.

“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” the company says.

Users are advised to update their QNAP devices to the most recent firmware release, update all applications running on those devices, use strong passwords, backup all of their data, and disable port forwarding on their routers.

Related: QNAP Patches Critical Vulnerability in Network Surveillance Products

Related: QNAP Warns NAS Users of DeadBolt Ransomware Attacks

Related:Raspberry Robin’ Windows Worm Abuses QNAP Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.