Deadbolt Ransomware Exploits QNAP Vulnerability Patched in December

Buy Bitdefender Antivirus

QNAP, a major manufacturer of network-attached storage (NAS), is warning of cyberattacks against customers and is urging them to enable firmware auto-updating on their devices.

The newly discovered attack aims at a vulnerability, patched in December, that lets threat actors perform remote arbitrary code execution on impacted devices.

On Jan. 27, the manufacturer flagged the patched versions of the firmware as “Recommended Version.” QNAP NAS device owners could reportedly fend off these attacks by upgrading to these patched OS versions, which could be easily done by enabling the auto-update feature.

However, simply enabling the feature might not be enough to keep this threat at bay; users must also set the self-updating tool to acquire and apply recommended versions instead of the latest ones.

As shown in a QNAP advisory, recommended OS versions target customers who seek only major updates and are not interested in cutting-edge features. Starting with QTS 4.5.3, the auto-update feature is enabled by default and pointed at recommended versions of the QNAP operating system.

On the downside, automatic updates can sometimes interfere with NAS services, which could lead to customers not wanting to enable the feature to begin with. In the advisory, the manufacturer gives brief instructions on how to disable automatic updates but stresses that users should still check for updates regularly, and “arrange the update schedule accordingly, to enhance the security of QTS / QuTS hero.”

Although QNAP didn’t name the perpetrators behind this new threat, the warning comes shortly after a wave of cyberattacks hit numerous vulnerable QNAP devices with Deadbolt ransomware.

After the Deadbolt attack encrypted the data of several customers, QNAP reportedly forced emergency updates to block perpetrators from exploiting the QSA-21-57 vulnerability. However, one QNAP forum user said its data was encrypted despite having the patched firmware version installed, which could mean that attackers leverage a different vulnerability.

QNAP recently issued a security alert urging customers to be cautious due to the new wave of attacks against its popular NAS devices and giving tips to secure them against ransomware.