Qnap Resolved DEADBOLT Ransomware
Already fixed vulnerability in versions of QTS and QuTS hero NAS OS in January
This is a Press Release edited by StorageNewsletter.com on February 4, 2022 at 2:01 pmRelease date: February 2, 2022
Security ID: QSA-22-02
Severity: Critical
Affected products: Certain Qnap NAS
Status: Resolved
Summary
The DEADBOLT ransomware started to attack certain company’s NAS devices on January 25. The ransomware encrypts files, renames with a .deadbolt extension and hijacks the login page with a ransom note.
According to the investigation, the ransomware exploited the vulnerability reported in the security advisory QSA-21-57, which was published on January 13.
The company already fixed the vulnerability in the following versions of QTS and QuTS hero NAS OS in January:
-
QTS 5.0.0.1891 build 20211221 and later
-
QTS 4.5.4.1892 build 20211223 and later
-
QuTS hero h5.0.0.1892 build 20211222 and later
-
QuTS hero h4.5.4.1892 build 20211223 and later
-
QuTScloud c5.0.0.1919 build 20220119 and later
On January 27, Qnap Systems, Inc. reconfigured the above mentioned firmware versions as ‘Recommended Version’. If Auto Update for ‘Recommended Version’ is enabled on a firm’s NAS, the system will automatically update to the recomended version to enhance the security of Qnap NAS.
Recommendation
To protect your Qnap NAS from the DEADBOLT ransomware attack through the vulnerability, we strongly recommend updating QTS or QuTS hero to the latest version immediately.
If a NAS was already attacked by DEADBOLT, upgrade to the recommended firmware version and the built-in Malware Remover will quarantine the ransom note, which would hijack the login page.
If you want to input a received decryption key and are unable to locate the ransom note after upgrading the firmware, please contact QNAP Support for assistance.
Updating QTS or QuTS hero
-
Log on to NAS using web broswer as administrator and type http://nas_ip:8080/cgi-bin/index.cgi or https://nas_ip/cgi-bin/index.cgi in the address bar.
-
Go to Control Panel > System > Firmware Update.
-
Under Live Update, click Check for Update.
QTS or QuTS hero downloads and installs the latest available update.
Tip: You can also download the update from the company’s website. Go to Support > Download Center and then perform a manual update for your specific device.
Revision History: V1.0 (February 2, 2022) – Published