Deadbolt Ransomware Campaign Targeting QNAP Devices
QNAP has released an advisory warning that it has become aware of a Deadbolt ransomware campaign targeting some of its products. Specifically, “the campaign appears to target QNAP NAS devices running Photo Station with internet exposure.” QNAP has released updates to address the issue, and reminds users that “QNAP NAS should not be directly connected to the Internet.”
Deadbolt has been an ongoing issue for exposed storage devices. It is important to note that this and similar ransomware has affected more than just QNAP devices; QNAP has simply been more open in warning users and implementing specific protections to fight this ransomware. The ransomware typically does not exploit specific vulnerabilities in the storage device’s firmware, but instead exploits configuration issues like weak passwords. And please do not expose these devices to the Internet!
Don’t expose NAS devices directly to the Internet, or indirectly via port forwarding. Religiously update the firmware and any installed applications, make sure there are no unknown accounts and that all accounts have strong passwords, and make sure that you have backups.