October 7, 2022
QNAP Systems issued yet another security patch for their NAS device after they detected an ongoing DEADBOLT ransomware attack leveraging a Photo Station zero-day vulnerability.People use network attached devices (NAS) to store important information, such as family videos and photos. Unfortunately, this makes them prime targets for criminals who know just how valuable this information…

QNAP Systems issued yet another security patch for their NAS device after they detected an ongoing DEADBOLT ransomware attack leveraging a Photo Station zero-day vulnerability.

People use network attached devices (NAS) to store important information, such as family videos and photos. Unfortunately, this makes them prime targets for criminals who know just how valuable this information really is.

“QNAP Product Security Incident Response Team (QNAP PSIRT) had made the assessment and released the patched Photo Station app for the current version within 12 hours,” saidQNAP in a security notice. “QNAP urges all QNAP NAS users to update Photo Station to the latest available version.”

The company also said that QuMagie is a good alternative to Photo Station and that an alternative is the right choice, for now. The company also advised customers to avoid connecting their NAS devices directly to the Internet.

“We strongly urge that their QNAP NAS should not be directly connected to the Internet.” QNAP also explained. “This is to enhance the security of your QNAP NAS. We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked.”

Please keep in mind that this is an ongoing attack and that users should patch their devices as soon as possible. All of the following Photo Stations versions have been patched:

· QTS 5.0.1: Photo Station 6.1.2 and later
· QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
· QTS 4.3.6: Photo Station 5.7.18 and later
· QTS 4.3.3: Photo Station 5.4.15 and later
· QTS 4.2.6: Photo Station 5.2.14 and later

To protect your NAS from the DeadBolt ransomware, QNAP strongly recommends securing your QNAP NAS devices and routers by following these instructions:

· Disable the port forwarding function on the router.
· Set up myQNAPcloud on the NAS to enable secure remote access and prevent exposure to the internet.
· Update the NAS firmware to the latest version
· Update all applications on the NAS to their latest versions.
· Use strong passwords for all user accounts on the NAS.
· Take snapshots and back up regularly to protect your data.


Source