QNAP warns of new DeadBolt ransomware attack locking up NAS devices

Owners of NAS drives manufactured by QNAP have been advised that the company is “thoroughly investigating” reports that a new variant of the DeadBolt ransomware is targeting devices, locking up data and demanding victims pay a fee to extortionists.

According to QNAP, the NAS devices that have been hit by the attack to date are running an outdated version (4.x) of its QTS operating system.

Details are limited, but it appears that a security vulnerability in older versions of the QNAP QTS operating system have allowed unauthorized parties to gain remote access to device’s across the internet.

Having gained access, the malicious hackers are able to run their DeadBolt ransomware across victim’s drives, encrypting their documents, photographs, spreadsheets, movies, and other data.

In an advisory published on its website, QNAP recommends that at-risk customers update QTS or QuTS hero to the latest version immediately.

However, the company says that if you are unfortunate enough to have already had your NAS drive compromised by the DeadBolt ransomware, to take a screenshot of the ransom note (including the Bitcoin wallet address to which you are being told to send the ransom) before you upgrade the device’s firmware:

If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.

Updating QTS or QuTS hero can either be done via the NAS device’s administrator interface, or via manually downloading the latest version from the official QNAP website.

This is not the first time that QNAP has warned its customers of ransomware attacks locking up their devices. In January, for instance, QNAP first warned that the DeadBolt ransomware was exploiting security holes in order to display a ransom note at login.

The DeadBolt ransomware was then seen targeting owners of another range of NAS drives, Asustor.

NAS drive owners would be sensible to defend their devices behind a firewall – unless they feel confident that a security vulnerability that could grant access to cybercriminals is not lurking deep inside.

Source

Owners of NAS drives manufactured by QNAP have been advised that the company is “thoroughly investigating” reports that a new variant of the DeadBolt ransomware is targeting devices, locking up data and demanding victims pay a fee to extortionists.

According to QNAP, the NAS devices that have been hit by the attack to date are running an outdated version (4.x) of its QTS operating system.

Details are limited, but it appears that a security vulnerability in older versions of the QNAP QTS operating system have allowed unauthorized parties to gain remote access to device’s across the internet.

Having gained access, the malicious hackers are able to run their DeadBolt ransomware across victim’s drives, encrypting their documents, photographs, spreadsheets, movies, and other data.

In an advisory published on its website, QNAP recommends that at-risk customers update QTS or QuTS hero to the latest version immediately.

However, the company says that if you are unfortunate enough to have already had your NAS drive compromised by the DeadBolt ransomware, to take a screenshot of the ransom note (including the Bitcoin wallet address to which you are being told to send the ransom) before you upgrade the device’s firmware:

If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.

Updating QTS or QuTS hero can either be done via the NAS device’s administrator interface, or via manually downloading the latest version from the official QNAP website.

This is not the first time that QNAP has warned its customers of ransomware attacks locking up their devices. In January, for instance, QNAP first warned that the DeadBolt ransomware was exploiting security holes in order to display a ransom note at login.

The DeadBolt ransomware was then seen targeting owners of another range of NAS drives, Asustor.

NAS drive owners would be sensible to defend their devices behind a firewall – unless they feel confident that a security vulnerability that could grant access to cybercriminals is not lurking deep inside.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Threat Intelligence Services Are Universally Valued by IT Staff

Almost all IT professionals believe that threat intelligence services and feeds will help their company get ready for and repulse malware attacks. Only...

Black Basta may be an all-star ransomware gang made up of former Conti and REvil members

The group has targeted 50 businesses from English speaking countries since April 2022. ...

APAC companies are failing to build successful digital models: Forrester

Approximately 61% of APAC organizations have failed to build robust and successful digital business business models, primarily due to unsound practices of enterprise architecture...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!