September 26, 2022

QNAP says it’s detected that DeadBolt is exploiting a Photo Station vulnerability to encrypt QNAP NAS systems directly connected to the internet.

QNAP (Quality Network Appliance Provider) has warned users to update Photo Station to the latest available version.

The warning comes after QNAP detected that cybercriminals known as DeadBolt have been exploiting a Photo Station vulnerability in order to encrypt QNAP NAS systems that are directly connected to the internet.

QNAP produces NAS (Network Attached Storage) devices, among other things. QNAP’s Photo Station is an online photo album that allows users to share photos and videos stored on their NAS with others over the internet. With Photo Station, users can drag and drop photos into virtual albums, which means they don’t have to create copies when they are needed in more than one album.

DeadBolt

The ransomware group responsible for this attack is generally known as DeadBolt. The name DeadBolt is also used in the file extension of the encrypted files that the group’s ransomware generates.

QNAP and DeadBolt have history. In January 2022, news broke that a ransomware group was targeting QNAP Network Attached Storage (NAS) devices. As a countermeasure, QNAP pushed out an automatic, forced update with firmware containing the latest security updates to protect against the attackers’ DeadBolt ransomware, a move that annoyed part of its userbase.

The vulnerability

Little has been published about the vulnerability, except that the QNAP Product Security Incident Response Team (QNAP PSIRT) made the assessment and released the patched Photo Station app for the current version within 12 hours. All that was made clear is that the ransomware gang is exploiting a Photo Station vulnerability to encrypt QNAP NAS systems that are directly connected to the internet.

The vulnerability has been fixed in the following versions:

  • QTS 5.0.1: Photo Station 6.1.2 and later
  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
  • QTS 4.3.6: Photo Station 5.7.18 and later
  • QTS 4.3.3: Photo Station 5.4.15 and later
  • QTS 4.2.6: Photo Station 5.2.14 and later
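The fixed-version list above can be turned into an inventory check. This is an added example, not code from QNAP or the original article: the hostnames and installed versions in the inventory are constructed, and reporting any QTS release missing from the list as "unknown" is an assumption.

```python
import re

# Minimum fixed Photo Station version per QTS branch, copied from the list above.
# "4.5" stands for the list's "4.5.x" wildcard entry.
FIXED = {
    "5.0.1": "6.1.2",
    "5.0.0": "6.0.22",
    "4.5": "6.0.22",
    "4.3.6": "5.7.18",
    "4.3.3": "5.4.15",
    "4.2.6": "5.2.14",
}

def parse(version):
    """Turn '6.0.22' into (6, 0, 22) so 6.0.9 < 6.0.22 compares numerically."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no version number in {version!r}")
    return tuple(int(p) for p in parts)

def required_version(qts):
    """Return the fixed Photo Station version for a QTS release, or None if unlisted."""
    q = parse(qts)
    # Try three-component branches before the two-component "4.5" wildcard.
    for branch in sorted(FIXED, key=lambda b: -len(parse(b))):
        b = parse(branch)
        if q[:len(b)] == b:
            return FIXED[branch]
    return None

def audit(qts, photo_station):
    """Classify one NAS as 'patched', 'vulnerable' or 'unknown' (QTS branch not listed)."""
    need = required_version(qts)
    if need is None:
        return "unknown"
    return "patched" if parse(photo_station) >= parse(need) else "vulnerable"

# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = [
    ("nas-office", "5.0.1.2145", "6.1.2"),
    ("nas-lab", "4.5.4", "6.0.9"),
    ("nas-archive", "4.3.6", "5.7.18"),
    ("nas-legacy", "4.1.0", "5.0.0"),
]

if __name__ == "__main__":
    for host, qts, ps in INVENTORY:
        print(f"{host}: QTS {qts}, Photo Station {ps} -> {audit(qts, ps)}")
```

Versions are compared as integer tuples because a plain string comparison would rank 6.0.9 above 6.0.22 and report an unpatched device as fixed.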

How to fix the QNAP Photo Station vulnerability

Update Photo Station to the latest available version or switch to QuMagie.

Here’s how to update Photo Station:

  • Log on to QTS (the QNAP NAS Operating System) as administrator.
  • Open the App Center and then click the magnifying glass.
  • A search box will appear. Enter “Photo Station”.
  • Click Update and then OK.
  • The application will be updated.

Note: The Update button is not available if your version is already up to date.

Do not connect your NAS directly to the internet. To enhance the security of your NAS, QNAP recommends using the myQNAPcloud Link feature provided by QNAP or enabling the VPN service. You can also use another VPN of your choice.
