PSA: The Deadbolt ransomware gang started attacking ONAP network-attached storage (NAS) devices at the beginning of this year, and they have continued despite the company’s security efforts. Amid the latest incident, QNAP’s advice to users remains the same.
This week, QNAP reported new attacks on users of its NAS drives by Deadbolt ransomware. As with the Deadbolt attacks in January, the company recommends users upgrade their devices to the latest firmware, which the ransomware hasn’t breached, and avoid connecting them to the internet.
QNAP says the latest attacks have hit devices running QTS firmware versions 4.3.6 and 4.4.1 — mostly TS-x51 and TS-x53 series models. The latest firmware versions are 4.54 and 5.00, both of which received new builds since the January attacks. QNAP also extended security patches to some end-of-life models in February.
Following the initial incidents, the Taiwan-based company released instructions for checking a device’s internet connection, which could leave it vulnerable. It also says disabling port forwarding and UPnP will make a NAS more secure.
One security measure QNAP took in January inconvenienced some users when it used its multi-layered auto-update system to force a security update. The ransomware had already spread to thousands of systems by then, causing a crisis, but others lost data after the update.
Asustor NAS drives also suffered Deadbolt attacks in February. Much like QNAP, Asustor advised users to take their devices offline. However, the company responded to Deadbolt with a security update in March.