Taiwanese firm QNAP Systems has alerted customers to ongoing DeadBolt ransomware attacks that began on Saturday.
Per reports, the attack’s backdoor was a vulnerability in the firm’s private cloud storage for photos called Photo Station.
RELATED RESOURCE
An EDR buyer's guide
How to pick the best endpoint detection and response solution for your business
"QNAP Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," reads the firm’s security notice.
Since the beginning of the year, the DeadBolt ransomware group has been targeting NAS devices using an alleged zero-day vulnerability on Internet-exposed devices.
In response to the recent attack, QNAP’s product security incident response team (PSIRT) released a patched Photo Station app, urging QNAP NAS users to update to the newest version.
The security updates came 12 hours after DeadBolt began using the zero-day vulnerability in its attacks. To ensure continued services, QNAP also suggested users replace their Photo Station app with QuMagie, a safer photo storage management tool for QNAP NAS devices.
Additionally, the firm advised users to avoid connecting their QNAP NAS devices to the internet as a precaution.
“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” said QNAP in a statement.
-
Dell Technologies World 2026: all the news, updates, and announcements from the Day 1 keynoteKeep up to date with all the news as it happens live from Dell Technologies World 2026 in Las Vegas
-
Hospital cyber attacks are increasingly hitting patient careNews New research shows only 14% are confident they can lose access to health records for 72 hours without risk to patients
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recoveryNews Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks
News Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Ransomware gangs are sharing virtual machines to wage cyber attacks on the cheap – but it could be their undoingNews Thousands of attacker servers all had the same autogenerated Windows hostnames, according to Sophos
