News

QNAP fixes zero-day vulnerability following Deadbolt ransomware attack

The occurrence of the attack is the fourth in this year's Deadbolt attack series

6 Sep 2022

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 6 Sep 2022

Shutterstock

Taiwanese firm QNAP Systems has alerted customers to ongoing DeadBolt ransomware attacks that began on Saturday.

Per reports, the attack’s backdoor was a vulnerability in the firm’s private cloud storage for photos called Photo Station.

Related Resource

An EDR buyer's guide

How to pick the best endpoint detection and response solution for your business

Whitepaper cover with title and image of grey and green blocks, with the green ones connected to each other

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1657095202/itpro/Whitepaper%20covers/EDR_Buyer_s_Guide.jpg { display: none !important; }

Free Download

"QNAP Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," reads the firm’s security notice.

Since the beginning of the year, the DeadBolt ransomware group has been targeting NAS devices using an alleged zero-day vulnerability on Internet-exposed devices.

In response to the recent attack, QNAP’s product security incident response team (PSIRT) released a patched Photo Station app, urging QNAP NAS users to update to the newest version.

The security updates came 12 hours after DeadBolt began using the zero-day vulnerability in its attacks. To ensure continued services, QNAP also suggested users replace their Photo Station app with QuMagie, a safer photo storage management tool for QNAP NAS devices.

Additionally, the firm advised users to avoid connecting their QNAP NAS devices to the internet as a precaution.

“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” said QNAP in a statement.

Featured Resources

Accelerating healthcare transformation through patient-centred medtech solutions

Seize the digital transformation opportunities to streamline patient care and optimise patient outcomes

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1666273410/itpro/Whitepaper%20covers/Accelerating_healthcare_transformation_through_patient-centred_medtech_solutions_thumb.png { display: none !important; }

Free Download

Big payoffs from big bets in AI-powered automation

Automation disruptors realise 1.5 x higher revenue growth

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1666791335/itpro/Whitepaper%20covers/IDCBigPayouts_thumb.png { display: none !important; }

Free Download

Hyperscaler cloud service providers top ten

Why it's important for companies to consider hyperscaler cloud service providers, and why they matter

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1666797358/itpro/Whitepaper%20covers/HFS_Top_10__Hyperscale_Cloud_Service_Providers__thumb.png { display: none !important; }

Free Download

Strategic app modernisation drives digital transformation

Address business needs both now and in the future

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1666609016/itpro/Whitepaper%20covers/Strategic_app_modernization_drives_digital_transformation_thumb.png { display: none !important; }

Free Download