QNAP fixes zero-day vulnerability following Deadbolt ransomware attack

Ransomware message on a computer screen
(Image credit: Shutterstock)

Taiwanese firm QNAP Systems has alerted customers to ongoing DeadBolt ransomware attacks that began on Saturday.

Per reports, the attack’s backdoor was a vulnerability in the firm’s private cloud storage for photos called Photo Station.


An EDR buyer's guide

How to pick the best endpoint detection and response solution for your business


"QNAP Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," reads the firm’s security notice.

Since the beginning of the year, the DeadBolt ransomware group has been targeting NAS devices using an alleged zero-day vulnerability on Internet-exposed devices.

In response to the recent attack, QNAP’s product security incident response team (PSIRT) released a patched Photo Station app, urging QNAP NAS users to update to the newest version.

The security updates came 12 hours after DeadBolt began using the zero-day vulnerability in its attacks. To ensure continued services, QNAP also suggested users replace their Photo Station app with QuMagie, a safer photo storage management tool for QNAP NAS devices.

Additionally, the firm advised users to avoid connecting their QNAP NAS devices to the internet as a precaution.

“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” said QNAP in a statement.