Security News > 2022 > June > QNAP NAS devices hit by DeadBolt and ech0raix ransomware

Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage appliances of a new DeadBolt ransomware campaign.

Since NAS devices are often accessible remotely via the internet, criminals usually leverage software/firmware vulnerabilities or brute-force admin account passwords to gain access to them, pilfer and encrypt the files on them, then ask for a ransom to restore them.

Attackers generally focus on hitting QNAP and Synology NAS devices, but those by other manufacturers are also occasionally targeted.

"QNAP recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target QNAP NAS devices running outdated versions of QTS 4.x," the company warned on Friday, and promised to provide further information as soon as possible.

QNAP advises all users to update the devices' QTS or QuTS hero firmware to the latest version, but notes that those users who have been hit by DeadBolt to first take the screenshot of the ransom note to keep the bitcoin address and then upgrade to the latest firmware version.

Simultaneously, user reports and sample submissions on the ID Ransomware platform indicate that criminals using the ech0raix ransomware are again targeting QNAP NAS devices, Bleeping Computer reported, though the attack vector is still unknown.

News URL

https://www.helpnetsecurity.com/2022/06/20/qnap-nas-deadbolt-ech0raix/