IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

QNAP fixes zero-day vulnerability following Deadbolt ransomware attack

The occurrence of the attack is the fourth in this year's Deadbolt attack series

Taiwanese firm QNAP Systems has alerted customers to ongoing DeadBolt ransomware attacks that began on Saturday.

Per reports, the attack’s backdoor was a vulnerability in the firm’s private cloud storage for photos called Photo Station. 

Related Resource

An EDR buyer's guide

How to pick the best endpoint detection and response solution for your business

Whitepaper cover with title and image of grey and green blocks, with the green ones connected to each otherFree Download

"QNAP Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," reads the firm’s security notice.

Since the beginning of the year, the DeadBolt ransomware group has been targeting NAS devices using an alleged zero-day vulnerability on Internet-exposed devices.

In response to the recent attack, QNAP’s product security incident response team (PSIRT) released a patched Photo Station app, urging QNAP NAS users to update to the newest version.

The security updates came 12 hours after DeadBolt began using the zero-day vulnerability in its attacks. To ensure continued services, QNAP also suggested users replace their Photo Station app with QuMagie, a safer photo storage management tool for QNAP NAS devices.

Additionally, the firm advised users to avoid connecting their QNAP NAS devices to the internet as a precaution. 

“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” said QNAP in a statement.

Featured Resources

Accelerating healthcare transformation through patient-centred medtech solutions

Seize the digital transformation opportunities to streamline patient care and optimise patient outcomes

Free Download

Big payoffs from big bets in AI-powered automation

Automation disruptors realise 1.5 x higher revenue growth

Free Download

Hyperscaler cloud service providers top ten

Why it's important for companies to consider hyperscaler cloud service providers, and why they matter

Free Download

Strategic app modernisation drives digital transformation

Address business needs both now and in the future

Free Download

Recommended

Ransomware now strikes one in 40 organisations per week, Check Point finds
ransomware

Ransomware now strikes one in 40 organisations per week, Check Point finds

27 Jul 2022
Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Larger monitors aren't all they're cracked up to be
monitors

Larger monitors aren't all they're cracked up to be

3 Dec 2022
Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine
cyber warfare

Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine

5 Dec 2022