DeadBolt ransomware is threatening QNAP users

DeadBolt ransomware

NAS maker QNAP continues to issue security alerts, this time warning that ransomware called DeadBolt is looking for NAS servers exposed on the public Internet. Earlier this month, QNAP issued an alert saying it had detected a large number of attacks of unknown origin that sought to exploit vulnerabilities and weak passwords in devices exposed on the public Internet.

QNAP did not say whether the ransomware in this warning is related to the attacks at the beginning of the month, but judging from the content of the two warnings, they most likely describe the same batch of attacks.

“DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users’ data for Bitcoin ransom,” the company said. “QNAP urges all QNAP NAS users to […] immediately update QTS to the latest available version.”


QNAP said in the announcement that the DeadBolt ransomware looks for NAS devices exposed on the network and then looks for potential vulnerabilities it can use to attack them. The company said that the ransomware is not complicated and mainly relies on vulnerabilities in old versions of the QTS system, so it is very important for users to update QTS in a timely manner. It is worth noting that in both warnings, QNAP strongly advised users not to expose their devices to the public Internet. For users, however, a device that is not exposed to the public network cannot be reached from it, which makes it very difficult and inconvenient to access the server's content when away from home. QNAP even suggested that users turn off the UPnP function of the router.

The following are the security recommendations:

Use the built-in security advisory function of the QNAP device to scan the device for potential risks, including whether the device is exposed to the public network and which specific ports are open. If the scan shows that the system management service can be accessed from an external address, the device is at high risk and the user should follow the security advisor guidelines to disable public network access. This includes disabling external address access, disabling exposed ports, and turning off port forwarding or UPnP on the router, as well as the DMZ, to ensure that the internal network cannot be accessed from the outside.

Of course, the result is that users will not be able to access QNAP devices from the external network. If you really need external network access, you can try other methods to strengthen security, including but not limited to using multi-factor authentication, using strong passwords that are not reused elsewhere, or using an encrypted tunnel to connect to the intranet first and then accessing the device over the intranet.
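One way to check the router side of this advice, as an added example that is not part of the original article or QNAP's tooling: the script below reads a UPnP port-mapping listing and reports every mapping that forwards traffic to the NAS. It assumes the listing is in the format printed by miniupnpc's `upnpc -l`; the NAS address 192.168.1.50, the admin ports 8080 and 443, and the sample listing are assumptions constructed for illustration.

```python
import re

# One mapping line in the (assumed) `upnpc -l` listing format, e.g.
#  0 TCP  8080->192.168.1.50:8080  'description' '' 0
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext_port>\d+)->"
    r"(?P<int_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<int_port>\d+)\s+'(?P<desc>[^']*)'"
)

# Assumption: ports of the NAS web administration service; adjust to your setup.
ADMIN_PORTS = {8080, 443}

# Constructed sample listing, not captured from a real router.
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8080->192.168.1.50:8080  'NAS web admin' '' 0
 1 UDP 51820->192.168.1.1:51820  'VPN' '' 0
 2 TCP 32400->192.168.1.50:32400  'media server' '' 3600
 3 TCP  3074->192.168.1.77:3074  'game console' '' 0
"""

def parse_mappings(listing):
    """Return every port mapping in the listing; header and other lines are skipped."""
    mappings = []
    for line in listing.splitlines():
        match = MAPPING_RE.match(line)
        if match:
            entry = match.groupdict()
            entry["ext_port"] = int(entry["ext_port"])
            entry["int_port"] = int(entry["int_port"])
            mappings.append(entry)
    return mappings

def audit_nas_exposure(listing, nas_ip, admin_ports=ADMIN_PORTS):
    """Group mappings that point at the NAS: admin-port forwards vs. other forwards."""
    findings = {"admin": [], "other": []}
    for mapping in parse_mappings(listing):
        if mapping["int_ip"] != nas_ip:
            continue  # forwards to other hosts are out of scope for this check
        key = "admin" if mapping["int_port"] in admin_ports else "other"
        findings[key].append(mapping)
    return findings

if __name__ == "__main__":
    result = audit_nas_exposure(SAMPLE_LISTING, "192.168.1.50")
    for level, items in result.items():
        for m in items:
            print(f"{level}: {m['proto']} {m['ext_port']} -> {m['int_port']} ({m['desc']})")
```

Any entry under `admin` means the management service is forwarded to the Internet and the mapping should be removed; entries under `other` still expose the NAS and deserve the same review.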