QNAP devices hit by DeadBolt ransomware again

2022-05-20 23:44:15 By: Mr. Ronnie Liu

QNAP devices have been hit by DeadBolt ransomware for at least the second time in less than six months.

In January, QNAP warned users that a new ransomware strain was widely targeting its network-attached storage (NAS) devices using an alleged zero-day vulnerability. DeadBolt was encrypting users' data and demanding bitcoin payments in ongoing attacks on QNAP devices. Now, it's back for more.

The Taiwanese hardware vendor issued a statement Thursday that confirmed an investigation was underway regarding a new series of attacks. Once again, DeadBolt ransomware targeted NAS devices, which is particularly dangerous due to the devices' constant internet access.

In Thursday's security advisory, QNAP urged customers to take immediate actions to secure the hardware.

"According to the investigation by the QNAP Product Security Incident Response Team ... the affected models were mainly TS-x51 series and TS-x53 series," the advisory said. "QNAP urges all NAS users to check and update QTS [QNAP's NAS OS] to the latest version as soon as possible, and avoid exposing their NAS to the Internet."

It's unclear if DeadBolt ransomware actors were exploiting specific vulnerabilities. The QNAP advisory made no mention of any vulnerabilities or CVEs. QNAP did not respond to SearchSecurity's request for comment at press time.

UPDATE 5/20: A QNAP spokesperson sent the following statement to SearchSecurity: "Currently, there is no evidence showing DeadBolt exploited a vulnerability with a specific CVE ID. The observed infected devices are from 4.3.3 to 4.4.1. We recommend users update their QTS up-to-date so that the risk could be mitigated."

The spokesperson also said that in the recent DeadBolt attacks, some victims have lost their ransom notes after rebooting their NAS devices. "We advise users to take the screenshot before they wanted to reboot or upgrade their NAS," the spokesperson said.

Palo Alto Networks' Unit 42 addressed the newest wave of DeadBolt attacks on Twitter Monday and estimated they began on May 13. While the vendor believed the same ransomware master key from the previous QNAP attacks was used, it also noted differences.

"Unit 42 is observing a new wave of attacks of the Deadbolt #ransomware targeting QNAP NAS devices involving a new lock screen with updated JavaScript. Cortex Xpanse discovered ~3000 instances of infected devices," Unit 42 said in a tweet.

In March, security vendor Censys discovered that more than 1,000 QNAP QTS devices had been infected by DeadBolt ransomware. While it is unclear if this was an entirely new attack or fallout from January, Censys did uncover similarities. The ransom demand for individual victims remained unchanged at around $1,000, and the ransom for QNAP, which would have given the vendor the master encryption key, clocked in at more than $2 million.

"At this time, Censys cannot state whether this is a new attack targeting different versions of the QTS operating system, or if it's the original exploit targeting unpatched QNAP devices," Censys wrote in a blog.

In a FAQ post updated on March 28, QNAP said it believed the attack was related to January, though it doesn't appear entirely clear.

If that many exposed instances remained, the latest attacks on QNAP devices highlight an ongoing patching problem and underscore the urgency of updating following the latest attack.

A recent joint cybersecurity advisory from U.S. and other government agencies warned enterprises of the most common mistakes and security weaknesses that allow attackers to gain initial access inside a network. They included misconfigured services that are exposed to the public internet, as well as open ports and out-of-date software.

QNAP recommended that users disable port forwarding to stop exposing NAS devices to the internet.

DeadBolt activity first surfaced in January during the attack against QNAP, which appears to be the only reported target.
