QNAP is warning customers that attackers are exploiting known flaws in older versions of the company’s software for some of its NAS devices to install the Deadbolt ransomware.
The company issued an advisory on Thursday saying that its internal incident response team had observed a new spate of attacks deploying the ransomware in recent days. Deadbolt ransomware actors have targeted QNAP devices in the past on several occasions and at one point claimed to have a zero day in the NAS software. The recent wave of attacks is targeting Internet-facing devices running versions 4.3.6 and 4.4.1 of the QTS software.
“According to the investigation by the QNAP Product Security Incident Response Team (QNAP PSIRT), the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series. QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet,” the advisory says.
Deadbolt is a relatively new strain of ransomware, having emerged earlier this year. The actors deploying it generally have targeted NAS devices specifically and have compromised thousands of them in past campaigns. QNAP NAS devices were not the only targets, but they appear to be the targets of choice for this ransomware group. QNAP issued a similar advisory in January when Deadbolt first appeared on the scene, and urged customers to not expose their NAS devices to the Internet.
For organizations that do expose the devices to the Internet, QNAP recommends that administrators disable port forwarding on their routers and also disable UPnP functionality on their NAS devices.