QNAP warns of DeadBolt ransomware attacks exploiting zero-day in Photo Station

 


QNAP, a Taiwanese manufacturer of network-attached storage (NAS) appliances, has warned its customers of a new wave of DeadBolt ransomware attacks that started over the weekend.

According to a security advisory the maker published on its website, attackers are exploiting an RCE zero-day vulnerability in Photo Station software running on internet-facing NAS devices. The flaw has been resolved in the following versions:

  • QTS 5.0.1: Photo Station 6.1.2 and later

  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later

  • QTS 4.3.6: Photo Station 5.7.18 and later

  • QTS 4.3.3: Photo Station 5.4.15 and later

  • QTS 4.2.6: Photo Station 5.2.14 and later
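The fixed versions above can be checked against a device inventory. The following Python sketch is an added example, not code from QNAP or the original article; the host names and the inventory are constructed, and it assumes version strings are plain dotted numbers. It compares versions numerically, since a string comparison would wrongly rank 6.0.3 above 6.0.22.

```python
# Added example: audit an inventory against the fixed Photo Station versions
# listed in the article. Inventory data below is constructed for illustration.

# Minimum fixed Photo Station version per QTS branch, taken from the list above.
FIXED = {
    "5.0.1": "6.1.2",
    "5.0.0": "6.0.22",
    "4.5": "6.0.22",    # listed as "4.5.x": any 4.5 release
    "4.3.6": "5.7.18",
    "4.3.3": "5.4.15",
    "4.2.6": "5.2.14",
}

def parse(version):
    """Turn '6.0.22' into (6, 0, 22) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

def minimum_fixed(qts):
    """Return the fixed Photo Station version for a QTS version, or None
    when the QTS branch does not appear in the list."""
    q = parse(qts)
    # Try the most specific branch first (three components before two).
    for branch in sorted(FIXED, key=lambda b: -len(parse(b))):
        b = parse(branch)
        if q[:len(b)] == b:
            return FIXED[branch]
    return None

def status(qts, photo_station):
    """Classify one device as 'patched', 'vulnerable' or 'unknown-branch'."""
    fixed = minimum_fixed(qts)
    if fixed is None:
        return "unknown-branch"   # not covered by the list: review manually
    return "patched" if parse(photo_station) >= parse(fixed) else "vulnerable"

def audit(inventory):
    """Map each host to its status; inventory rows are (host, QTS, Photo Station)."""
    return {host: status(qts, ps) for host, qts, ps in inventory}

# Constructed sample inventory (hypothetical hosts and installed versions).
INVENTORY = [
    ("nas-01", "5.0.1", "6.1.2"),
    ("nas-02", "5.0.0", "6.0.3"),
    ("nas-03", "4.5.4", "6.0.22"),
    ("nas-04", "4.3.6", "5.7.9"),
    ("nas-05", "4.4.1", "5.9.0"),
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```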

The details of the zero-day bug are unclear at the moment. The vendor recommends that users implement a number of security measures to protect their devices from attacks: disabling the port forwarding function on the router; setting up myQNAPcloud on the NAS to enable secure remote access and prevent exposure to the internet; updating the NAS firmware and all applications on the NAS to their latest versions; and applying strong passwords for all user accounts on the NAS.

Previous DeadBolt campaigns targeting QNAP NAS devices were detected in March and June 2022. Earlier this year, cybersecurity firm Trend Micro released a report detailing the inner workings of the DeadBolt ransomware family, which leverages a multitiered extortion scheme aimed at both the vendors and their victims.
