If the conditions are right, attackers are currently pushing the DeadBolt ransomware onto Qnap network storage. Security updates are available.
Attackers are currently targeting Qnap NAS systems again and infecting them with DeadBolt. The malware encrypts data and demands a ransom.
In a warning message, the manufacturer classifies the severity as “critical”. However, devices are only threatened if the Photo Station app is used in certain versions and they are accessible via the Internet.
Update now!
The post does not provide a CVE number for the vulnerability. So far it remains unclear how attacks work. To secure systems, users should install the appropriate security update for their NAS operating system (QTS).
- QTS 4.2.6: Photo Station 5.2.14 or later
- QTS 4.3.3: Photo Station 5.4.15 or later
- QTS 4.3.6: Photo Station 5.7.18 or later
- QTS 4.5.x/5.0.0: Photo Station 6.0.22 or later
- QTS 5.0.1: Photo Station 6.1.2 or later
As obligatory security tips, Qnap lists, among other things, disabling port forwarding and keeping the system and all services up to date. Strong passwords should also be used.
As early as June 2022, the NAS manufacturer warned of attacks with DeadBolt.
