Security News > 2022 > September > QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw
QNAP has issued a new advisory urging users of its network-attached storage devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software.
The Taiwanese company said it detected the attacks on September 3 and that "The campaign appears to target QNAP NAS devices running Photo Station with internet exposure."
Details of the flaw remain unclear at the moment, with the company advising users to disable port forwarding on the routers, prevent NAS devices from being accessible on the Internet, upgrade NAS firmware, apply strong passwords for user accounts, and take regular backups to prevent data loss.
The latest development marks the fourth round of DeadBolt attacks aimed at QNAP appliances since January 2022, followed by similar incursions in May and June.
"QNAP NAS should not be directly connected to the Internet," the company said.
"We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked."
News URL
https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)