DeadBolt Ransomware Actively Targets QNAP NAS Devices — AgainDeadBolt Ransomware Actively Targets QNAP NAS Devices — Again
The QNAP network-connected devices, used to store video surveillance footage, are a juicy target for attackers, experts warn.
June 17, 2022
QNAP network-attached storage (NAS) devices running out-of-date software are under snowballing numbers of active attacks in a new DeadBolt ransomware campaign, an advisory has warned.
The company is investigating the situation, but meanwhile, QNAP recommends updating its QTS and QuTS hero to the latest versions as soon as possible. This is the second spate of attacks in the past few weeks.
QNAP NAS devices are used to store video surveillance footage and the data. In the hands of ransomware threat actors, the data could be used to extort any number of organizations and individuals, experts warned.
"Ransomware is starting to shift towards data theft, as the cybercriminals can gain from both being paid the ransom as well as sale of the data," Bud Broomhead, CEO of Viakoo, told Dark Reading in reaction to the campaign. "Threats against NAS devices will increase along with the shift to extending ransomware into data theft."
Why NAS Devices Are Easy Targets
Besides the potential data bonanza stored inside, Broomhead added that NAS devices are soft targets for cybercriminals because they're often not set up properly or protected by a firewall. They're also often not managed by IT teams, meaning there isn't a robust security patching or monitoring strategy in place to protect them from attack, he said.
"QNAP (and NAS drives in general) have been part of CISA's Known Exploited Vulnerability Catalog for some time," Broomhead added. "Out of 778 currently exploited vulnerabilities, 10 are specific to QNAP."
The company is offering support for customers who have already been compromised.
"If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page," QNAP wrote in its security advisory on DeadBolt ransomware.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks