QNAP customers are again being warned of DeadBolt ransomware attacks against NAS drives, which this time is affecting photo storage management tools.
This isn’t the first time that QNAP customers have had the security of their data threatened. Several attacks have been launched throughout 2022 focusing on varying zero-day vulnerabilities.
In a security notice on the QNAP website, customers are urged to “take immediate action”, with the company saying it “detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet.”
QNAP DeadBolt ransomware
Initially uncovered on September 3, 2022, “QNAP Product Security Incident Response Team (QNAP PSIRT) had made the assessment and released the patched Photo Station app for the current version within 12 hours.”
Bleeping Computer reports the following security updates that fix the vulnerability:
- QTS 5.0.1: Photo Station 6.1.2 and later
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
- QTS 4.3.6: Photo Station 5.7.18 and later
- QTS 4.3.3: Photo Station 5.4.15 and later
- QTS 4.2.6: Photo Station 5.2.14 and later
“We recommend using QuMagie to efficiently manage photo storage in your QNAP NAS”, QNAP added, noting that this is a “simple and powerful alternative to Photo Station.”
Along with keeping their NAS drives up-to-date, QNAP has also advised that its customers avoid directly connecting their devices to the Internet. By placing a drive behind a firewall - such as the company’s own myQNAPcloud Link feature or a VPN - users can reduce their chances of being subject to a ransomware attack.
Other steps you can take if you are worried that your data may be affected is to take regular snapshots and backups, and to regularly change your password keeping in mind what makes a good password.
- Compare the best ransomware protection tools around
