SOCRadar® Cyber Intelligence Inc. | QNAP Fixes Zero-Day Recently Leveraged by DeadBolt Ransomware
Table Of Content
Home

Resources

Blog
Sep 06, 2022
3 Mins Read

QNAP Fixes Zero-Day Recently Leveraged by DeadBolt Ransomware

The Taiwanese company QNAP cautions customers about DeadBolt ransomware attacks upon exploiting a zero-day vulnerability in Photo Station. QNAP detected the issue on September 3. 

The DeadBolt ransomware gang has been allegedly exploiting the zero-day vulnerability on QNAP NAS devices since January 2022 to encrypt the ones that have direct exposure to the internet. In May and June 2022, the ransomware operation carried out further attacks on QNAP devices

QNAP is a Frequent Target of Ransomware

Ransom note of DeadBolt
Ransom note of DeadBolt

For a functioning decryptor, DeadBolt often requested a payment of little over $1,000 from victims of these attacks. 

On the other hand, other ransomware organizations targeting NAS devices seek larger payments. In July, the Checkmate ransomware targeted QNAP NAS devices, which demanded $15,000 from its victims.

Security Updates Are Available 

QNAP released security updates for Photo Station twelve hours after its detection. It is advised for NAS users to immediately update to the most recent version. Fixed versions are listed as:

  • QTS 5.0.1 – Photo Station 6.1.2 and later 
  • QTS 5.0.0/4.5.x – Photo Station 6.0.22 and later 
  • QTS 4.3.6 – Photo Station 5.7.18 and later 
  • QTS 4.3.3 – Photo Station 5.4.15 and later 
  • QTS 4.2.6 – Photo Station 5.2.14 and later 

Recommendations by QNAP 

QNAP highly advises taking the following precautions to secure your QNAP NAS devices and routers to guard your NAS against the DeadBolt ransomware: 

  • Get the most recent NAS firmware update. 
  • The router’s port forwarding feature should be disabled. 
  • Install the most recent versions of all apps on the NAS. 
  • Consider using QuMagie instead of Photo Station, which is more secure. 
  • For all registered users on the NAS, use strong passwords. 
  • To safeguard your data, frequently backup your files and take snapshots. 
  • To enable safe remote access and avoid internet exposure, set up myQNAPcloud on the NAS as instructed on the QNAP security advisory or use VPN. 
Related Articles
SOCRadar® Cyber Intelligence Inc. | NodeStealer’s Evolution: A Growing Threat to Facebook Accounts and Beyond
NodeStealer’s Evolution: A Growing Threat to Facebook Accounts and Beyond
Nov 22, 2024
SOCRadar® Cyber Intelligence Inc. | Financial Software Company Finastra Investigates Recent Security Incident
Financial Software Company Finastra Investigates Recent Security Incident
Nov 21, 2024
SOCRadar® Cyber Intelligence Inc. | Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws
Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws
Nov 21, 2024
SOCRadar® Cyber Intelligence Inc. | Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities
Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities
Nov 20, 2024
SOCRadar® Cyber Intelligence Inc. | Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)
Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)
Nov 19, 2024