Taiwanese network-attached storage (NAS) solutions provider QNAP Systems over the weekend issued a fresh warning of new Deadbolt ransomware attacks targeting its NAS users.
Initially spotted in January 2022, the Deadbolt ransomware appends the .deadbolt extension to the encrypted files, while also hijacking the NAS device’s login page, to prevent victims from accessing their files.
The new Deadbolt attacks were first seen on September 3, attempting to exploit a vulnerability in the Photo Station photo management application.
“QNAP Systems, Inc. today detected the security threat Deadbolt leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the internet,” the company announced on Saturday.
Over the weekend, the company also released a patched version of Photo Station to prevent further exploitation, urging users to update their installations as soon as possible.
QNAP says that patches for the exploited vulnerability were included in Photo Station versions 5.2.14 (for QTS 4.2.6), 5.4.15 (QTS 4.3.3), 5.7.18 (QTS 4.3.6), 6.0.22 (QTS 5.0.0/4.5.x), and 6.1.2 (QTS 5.0.1).
As an alternative, the manufacturer suggests that users may switch to QuMagie, another photo managing solution for QNAP NAS devices.
QNAP underlines that its NAS devices should not be directly connected to the internet.
“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” the company says.
Users are advised to update their QNAP devices to the most recent firmware release, update all applications running on those devices, use strong passwords, backup all of their data, and disable port forwarding on their routers.
Ionut Arghire is an international correspondent for SecurityWeek. Previous Columns by Ionut Arghire:Tags: