Deadbolt ransomware attacks QNAP NAS users yet again

Daniel Sims

Posts: 448   +18
Staff
PSA: The Deadbolt ransomware gang started attacking ONAP network-attached storage (NAS) devices at the beginning of this year, and they have continued despite the company's security efforts. Amid the latest incident, QNAP's advice to users remains the same.

This week, QNAP reported new attacks on users of its NAS drives by Deadbolt ransomware. As with the Deadbolt attacks in January, the company recommends users upgrade their devices to the latest firmware, which the ransomware hasn't breached, and avoid connecting them to the internet.

QNAP says the latest attacks have hit devices running QTS firmware versions 4.3.6 and 4.4.1 -- mostly TS-x51 and TS-x53 series models. The latest firmware versions are 4.54 and 5.00, both of which received new builds since the January attacks. QNAP also extended security patches to some end-of-life models in February.

Following the initial incidents, the Taiwan-based company released instructions for checking a device's internet connection, which could leave it vulnerable. It also says disabling port forwarding and UPnP will make a NAS more secure.

One security measure QNAP took in January inconvenienced some users when it used its multi-layered auto-update system to force a security update. The ransomware had already spread to thousands of systems by then, causing a crisis, but others lost data after the update.

Asustor NAS drives also suffered Deadbolt attacks in February. Much like QNAP, Asustor advised users to take their devices offline. However, the company responded to Deadbolt with a security update in March.

Permalink to story.

 

Bullwinkle M

Posts: 709   +600
Hey, here's a great idea....

Why not make it secure before you sell it?

Disabling Internet connection at the factory would be so much easier and there would never be a need for a firmware update to brick the device

No?
Too much trouble for the manufacturer?

I guess you're right, let the buyer deal with ransomware, wipers and defective firmware updates

Well then, how about that write protect switch I was asking for 25 years ago and am still waiting for?

Does a 15 cent switch eat too much of the profit ?

Yeah, OK, when your right, you're right....
It is much cheaper to let the customers lose everything when the drives are full with critical data and really need to be protected, but.....
Yeah, screw the customer......short term profits are still profits!
 
Last edited:

Dimitriid

Posts: 2,203   +4,239
I've got a better suggestion but it takes extra steps:

1) Make sure your QNAP unit has an x86 chip in it
2) Make sure it has hdmi out or pci-e so you can at least temporarily plug in a gpu

After that's done you can install Truenas Scale on it: it will let you set a ZFS pool out of the drives and you can get into the bios so it always boots from a usb drive or m.2 drive if you have a slot for it but I've seen a lot of people report it works and it will be a hell of a lot safer to run than their wide open OS they just can't patch. In fact Truenas Scale probably has a lot more features you can use too to boot you just gotta well, get to boot it first.