PSA: The Deadbolt ransomware gang began attacking ONAP network-attached storage (NAS) devices early this year, and they have continued despite the company’s security efforts. During the latest incident, QNAP’s advice to users remains the same.
This week, QNAP reported new attacks on users of its NAS drives by Deadbolt ransomware. As with the Deadbolt attacks in January, the company advises users to upgrade their devices to the latest firmware, which has not been hacked by the ransomware, and not to connect to the Internet.
QNAP says the latest attacks have hit devices running QTS firmware versions 4.3.6 and 4.4.1 — mostly TS-x51 and TS-x53 series models. The latest firmware versions are 4.54 and 5.00, both of which have received new builds since the January attacks. QNAP also extended security patches to some end-of-life models in February.
Following the initial incidents, the Taiwan-based company has released instructions on how to monitor a device’s internet connection, which could make it vulnerable. It also states that disabling port forwarding and UPnP will make a NAS more secure.
A security measure taken by QNAP in January bothered some users when it used its multi-layered auto-update system to enforce a security update. By then, the ransomware had already spread to thousands of systems and caused a crisis, but others lost data after the update.
Asustor NAS drives also suffered Deadbolt attacks in February. Like QNAP, Asustor advised users to take their devices offline. However, the company responded to Deadbolt in March with a security update.