The Taiwanese NAS manufacturer QNAP released a security update for its products on September 5, 2022. The update is meant to protect against a new ransomware campaign by the DeadBolt group. The group has probably been targeting QNAP NAS devices running Photo Station in particular since September 3, 2022, provided they are accessible via the Internet.
German blog reader Jochen emailed me yesterday to let me know (thanks for that), but I am only now getting around to posting the information. QNAP describes the details in its security advisory with Bulletin ID QSA-22-24.
QNAP discovered a new DeadBolt ransomware campaign on the morning of September 3, 2022 (GMT+8). The campaign appears to target QNAP NAS devices that run Photo Station and are accessible via the Internet.
The vulnerability is said to be critical – I assume that this campaign was planned because on Saturday, September 3, 2022, US customers were on a long weekend (Labor Day). QNAP therefore provided firmware updates for the following QNAP devices within 12 hours (according to this information):
- QTS 5.0.1: Photo Station 6.1.2 and later
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
- QTS 4.3.6: Photo Station 5.7.18 and later
- QTS 4.3.3: Photo Station 5.4.15 and later
- QTS 4.2.6: Photo Station 5.2.14 and later
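An added example, not from QNAP or the original article: a small Python check that compares a device inventory against the fixed Photo Station versions listed above. The hostnames and inventory rows are constructed, and reporting a QTS branch that is missing from the list as "unknown" is an assumption of this example.

```python
# Fixed Photo Station versions per QTS branch, copied from the list above.
FIXED = {
    "5.0.1": "6.1.2",
    "5.0.0": "6.0.22",
    "4.5": "6.0.22",   # the list gives 4.5.x, so any 4.5 release matches
    "4.3.6": "5.7.18",
    "4.3.3": "5.4.15",
    "4.2.6": "5.2.14",
}

def parse(version):
    """Turn '6.0.22' into (6, 0, 22) so that 6.0.22 compares above 6.0.9."""
    return tuple(int(part) for part in version.strip().split("."))

def fixed_version_for(qts):
    """Return the fixed version for a QTS release (exact branch first, then x.y), or None."""
    parts = qts.strip().split(".")
    for length in (3, 2):
        key = ".".join(parts[:length])
        if key in FIXED:
            return FIXED[key]
    return None

def assess(qts, photo_station):
    """Classify one device as 'patched', 'vulnerable' or 'unknown'."""
    fixed = fixed_version_for(qts)
    if fixed is None:
        return "unknown"   # assumption: branch not in the list, check by hand
    try:
        installed = parse(photo_station)
    except ValueError:
        return "unknown"   # version string is not purely numeric
    return "patched" if installed >= parse(fixed) else "vulnerable"

# Constructed inventory: (hostname, QTS version, Photo Station version).
INVENTORY = [
    ("nas-office", "5.0.1", "6.1.2"),
    ("nas-backup", "4.5.4", "6.0.9"),
    ("nas-old", "4.2.6", "5.2.13"),
    ("nas-legacy", "4.1.0", "5.0.0"),
]

def report(inventory=INVENTORY):
    return {host: assess(qts, ps) for host, qts, ps in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:12} {status}")
```

A "patched" result only says the installed Photo Station version is at or above the fixed one; it says nothing about whether the device was already encrypted or is still reachable from the Internet.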
To protect NAS devices from the DeadBolt ransomware, QNAP strongly recommends securing these QNAP NAS devices and routers by following these instructions.
There have been multiple attacks on QNAP drives and systems in the past using the DeadBolt ransomware (see the links at the end of the article). Bleeping Computer colleagues have traced the attacks of this ransomware group here.