QNAP: Act Now to Mitigate DeadBolt Ransomware
A leading maker of network-attached storage (NAS) devices is urging customers to upgrade to the latest software version and reconfigure their systems in order to thwart a new ransomware campaign.
Taiwan vendor QNAP released a statement yesterday in response to the mounting threat from a new variant known as “DeadBolt.”
It advised customers to ensure their devices are not exposed to the internet, by opening the Security Counselor and checking if the dashboard displays the following message: “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”
If it does, organizations should check the Virtual Server, NAT or port forwarding settings, and disable the port forwarding setting of the NAS management service port – which, by default, means port 8080 and 443.
Next, they should disable UPnP by going to “myQNAPcloud” on the QTS menu, clicking “Auto Router Configuration,” and de-selecting “Enable UPnP port forwarding,” the vendor explained.
“DeadBolt has been widely targeting all NAS exposed to the internet without any protection and encrypting users’ data for Bitcoin ransom,” it warned.
“QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP NAS and routers, and immediately update QTS to the latest available version.”
The threat actors behind DeadBolt are purportedly claiming to leverage a zero-day exploit in their attacks, which would presumably work even on updated QTS versions. However, disconnecting from the internet would keep organizations safe.
“Organizations right now should have critical insight into the use of SSH and Telnet into their QNAP devices as well as connections on port 8080 and 443 emanating from their QNAPs and historic levels of UPnP traffic,” advised Armis cyber risk officer, Andy Norton.
“There are threads surfacing on some of the support forums, where the decryption key did not work after payment, but it is also possible to remove DeadBolt using other utilities on the QNAP device.”
A report out yesterday warned that vulnerability exploits are an increasingly popular initial access vector for ransomware gangs, with the number of bugs associated with such attacks jumping 29% year-on-year in 2021.
This is far from the first time QNAP customers have been targeted by ransomware. Over the past year, AgeLocker and eCh0raix variants prompted warnings from the vendor.
Security at the core of Intel’s new vPro platform
Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection...
New Post-Exploitation Attack Method Found Affecting Okta Passwords
The flaw derives from the way the Okta system records failed login attempts to instances Read More
Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts
The world has gone ChatGPT bonkers. Which makes it an effective lure for cybercriminals who may want to break into...
Critical flaw in AI testing framework MLflow can lead to server and data compromise
MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch...
New vulnerabilities found in industrial control systems of major vendors
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS)...
Mass Ransomware Attack
A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens...