Network hardware maker QNAP is urging customers to update their network-attached storage devices immediately to protect them from a new wave of ransomware attacks that could destroy terabytes of data in one stroke.
QNAP, which is based in Singapore, said recently that it had identified a new campaign from a ransomware group known as DeadBolt. The attacks against QNAP NAS devices use a proprietary feature called Photo Station. The advisory instructs customers to update their firmware, indicating a vulnerability is being exploited, but the company doesn’t explicitly mention the CVE designation that security experts use to track such security bugs.
“To protect your NAS from DeadBolt ransomware, QNAP strongly recommends that you secure your QNAP NAS devices and routers by following these instructions,” company officials wrote:
- Turn off port forwarding on the router
- Set up myQNAPcloud on the NAS to allow secure remote access and prevent Internet exposure
- Update NAS firmware to the latest version
- Update all applications on the NAS to the latest version
- Apply strong passwords to all user accounts on the NAS
- Take snapshots and back up often to protect your data
The advice applies to the following devices:
- QTS 5.0.1: Photo Station 6.1.2 or later
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 or later
- QTS 4.3.6: Photo Station 5.7.18 or later
- QTS 4.3.3: Photo Station 5.4.15 or later
- QTS 4.2.6: Photo Station 5.2.14 or later
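A small audit sketch for checking a fleet against the list above. This is an added example, not QNAP's code; the device names and version strings in the inventory are constructed, and how the versions are collected from each NAS is left out.

```python
# Minimum fixed Photo Station release per QTS branch, copied from the list above.
# A branch is matched on its leading version components, so (4, 5) covers 4.5.x.
FIXED = {
    (5, 0, 1): (6, 1, 2),
    (5, 0, 0): (6, 0, 22),
    (4, 5):    (6, 0, 22),
    (4, 3, 6): (5, 7, 18),
    (4, 3, 3): (5, 4, 15),
    (4, 2, 6): (5, 2, 14),
}

def parse(version):
    """Turn '5.0.1.2145' into (5, 0, 1, 2145); non-numeric parts raise ValueError."""
    return tuple(int(part) for part in version.strip().split("."))

def minimum_for(qts):
    """Return the minimum Photo Station tuple for a QTS version, or None if unlisted."""
    v = parse(qts)
    for width in (3, 2):          # most specific branch first, then the 4.5.x wildcard
        fixed = FIXED.get(v[:width])
        if fixed:
            return fixed
    return None

def audit(qts, photo_station):
    """Classify one device as 'patched', 'update-needed' or 'unlisted'."""
    minimum = minimum_for(qts)
    if minimum is None:
        return "unlisted"         # QTS branch not in the list; check it by hand
    # Compare as integer tuples: as strings, '6.0.3' would sort after '6.0.22'.
    return "patched" if parse(photo_station) >= minimum else "update-needed"

# Constructed inventory: (device name, QTS version, Photo Station version).
INVENTORY = [
    ("nas-office", "5.0.1.2145", "6.1.2"),
    ("nas-backup", "4.5.4", "6.0.3"),
    ("nas-legacy", "4.3.4", "5.7.18"),
]

def audit_inventory(devices):
    """Map each device name to its audit result."""
    return {name: audit(qts, ps) for name, qts, ps in devices}

if __name__ == "__main__":
    for name, result in audit_inventory(INVENTORY).items():
        print(f"{name}: {result}")
```

A device reported as unlisted runs a QTS branch the list does not cover, so it needs a manual check rather than an assumption that it is safe.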
DeadBolt first appeared in January, and within a few months, Internet security scanning service Censys said the ransomware had infected thousands of QNAP devices. The company took the unusual step of automatically pushing the update to all devices, even those with automatic updates turned off.
Now, DeadBolt is back. Users first learn about the infection from the ransom note.
DeadBolt staff also provided instructions for obtaining the decryption key needed to recover encrypted files, as well as a proposal for QNAP to purchase a master decryption key that the company could pass on to infected customers.
So far, there is no indication that QNAP intends to take advantage of this opportunity.
NAS devices typically connect directly to a router to make files available to everyone on a home or small office network. The NAS box can also be configured to deliver files over the Internet. Configuring devices to be secure in these circumstances can become difficult, especially when there is potential for undisclosed vulnerabilities.
The latest QNAP advisory, linked above, provides instructions on how to set up QNAP’s proprietary myQNAPcloud service. Given the sensitivity of the data stored on many such devices, users should invest plenty of time in making sure they are following best practices.