Network-attached storage (NAS) devices made by QNAP are experiencing another ransomware campaign orchestrated by the DeadBolt gang. The malicious campaign started during the weekend and is still ongoing. This new DeadBolt attack targets a zero-day vulnerability in QNAP’s Photo Station, a photo management software solution that offers private cloud photo storage, but unfortunately in this instance it’s opened up a window for malicious efforts. The campaign was identified during the weekend, and rated as “critical.” QNAP is now offering advice on how to avoid this kind of security risk and a software patch to remedy the situation (unless you’ve been infected already)…
According to QNAP, the vulnerability lets DeadBolt ransomware encrypt files stored on NAS units that are directly connected to the internet (e.g. assigned a public IP address). The situation was assessed and a patch for the flawed software was released within 12 hours, QNAP says, and now users are strongly advised to install the following updates to fix the dangerous security hole:
QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
QNAP devices have become a regular target for other malicious campaigns since the beginning of the year. This time, the Taiwanese storage company is going further in advising customers to entirely replace Photo Station with a competing solution like QuMagie, and stating that NAS devices should not be connected directly to the internet to enhance the overall security of the device. To remotely access files, QNAP is advising to use the myQNAPcloud feature or enable the included VPN service. This way, QNAP says, security will be effectively hardened and the chance of being attacked will substantially decrease.