QNAP Fixes Zero-Day Recently Leveraged by DeadBolt Ransomware

The Taiwanese company QNAP cautions customers about DeadBolt ransomware attacks upon exploiting a zero-day vulnerability in Photo Station. QNAP detected the issue on September 3.

The DeadBolt ransomware gang has been allegedly exploiting the zero-day vulnerability on QNAP NAS devices since January 2022 to encrypt the ones that have direct exposure to the internet. In May and June 2022, the ransomware operation carried out further attacks on QNAP devices.

QNAP is a Frequent Target of Ransomware

For a functioning decryptor, DeadBolt often requested a payment of little over $1,000 from victims of these attacks.

On the other hand, other ransomware organizations targeting NAS devices seek larger payments. In July, the Checkmate ransomware targeted QNAP NAS devices, which demanded $15,000 from its victims.

Security Updates Are Available

QNAP released security updates for Photo Station twelve hours after its detection. It is advised for NAS users to immediately update to the most recent version. Fixed versions are listed as:

QTS 5.0.1 – Photo Station 6.1.2 and later
QTS 5.0.0/4.5.x – Photo Station 6.0.22 and later
QTS 4.3.6 – Photo Station 5.7.18 and later
QTS 4.3.3 – Photo Station 5.4.15 and later
QTS 4.2.6 – Photo Station 5.2.14 and later

Recommendations by QNAP

QNAP highly advises taking the following precautions to secure your QNAP NAS devices and routers to guard your NAS against the DeadBolt ransomware:

Get the most recent NAS firmware update.
The router’s port forwarding feature should be disabled.
Install the most recent versions of all apps on the NAS.
Consider using QuMagie instead of Photo Station, which is more secure.
For all registered users on the NAS, use strong passwords.
To safeguard your data, frequently backup your files and take snapshots.
To enable safe remote access and avoid internet exposure, set up myQNAPcloud on the NAS as instructed on the QNAP security advisory or use VPN.