Oh my, QNAP NAS users can’t seem to take a break, as they’ve been told to repair their terminals immediately, yet again.
This time around, an unknown malicious actor is looking for vulnerable QNAP NAS devices to deploy Deadbolt ransomware on.
Among the vulnerable devices are those running on the QTS 4.3.6 and QTS 4.1.1 operating systems. This would include the TS-x51 series and the ST-x53 series, although it’s probably not limited to those two.
No decryptor
Those who end up being attacked will see a warning directly on the login page, demanding payment in Bitcoin in exchange for the decryption key. All files on the affected endpoint will be encrypted using the AES128 algorithm and will have the .deadbolt extension to their filenames.
Currently, we do not know the amount of the ransom demand.
Cybersecurity researcher Michael Gillespie recently released a decryption key for Deadbolt, but it seems that it only works for Windows devices. Right now, it seems the only way to get the device back is to pay the ransom.
That’s why, say the researchers, it would be best not to get infected in the first place. This can be achieved, above all, by applying the patch that has already been made available by QNAP. Additionally, the company urged owners of NAS devices to “avoid exposing their NAS to the internet.”
To this end, users are advised to block port forwarding on their home router and disable UPnP in the NAS control panel. Also, they should disable SSH and Telnet connections. Users can still access their NAS devices outside of their home intranet by deploying a VPN and using the myQNAPcloud Link app.
It’s been less than a month since QNAP urged users to patch two vulnerabilities with a severity score of 9.8. Bugs can be used to perform low complexity attacks that don’t require interaction with the victim, it was said at the time.
Via: Tom’s Hardware