Dawn Rises on a New QNAP Zero Day - ThreatWire
Added 2022-09-14 16:47:14 +0000 UTC

It’s a new week with a new QNAP zero day! QNAP posted a security bulletin urging users to immediately update Photo Station to the latest available version because a zero day is being used by DeadBolt ransomware. They noticed an uptick in ransomware attacks last Saturday; the attacks were widespread and targeted NAS devices connected directly to the internet. A patch was made available within 12 hours of detecting the attacks and assessing the vulnerability.
QNAP also offered an alternative called QuMagie, which is a photo storage management tool that can replace Photo Station on their NAS products. QNAP hasn’t disclosed any technical details about the zero day that was discovered.
DeadBolt isn’t new. The ransomware has been in use since January, encrypting files on vulnerable NAS devices with a .deadbolt extension and hijacking the regular login page with a ransom note. Now it’s just using a new attack vector.
The patch, which varies in version number depending on the QTS version you’re running, can prevent DeadBolt ransomware from using the Photo Station zero day, but if you have a NAS device connected to the internet, consider removing it from the internet. These devices can be placed behind firewalls, and users can try using myQNAPcloud instead. QNAP also recommends using a strong password for user accounts, disabling port forwarding on routers, upgrading the firmware, and creating backups often.