Security News > 2022 > September > Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)
QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting.
"QNAP's security team determined that the source of the DeadBolt malware attack is via The Onion Routing, an anonymous connection," the company shared.
"QNAP has collected a list of malicious hosts and preloaded the blacklist to the QuFirewall application. QuFirewall will block suspicious packets that are suspected to be sent by onion routing to prevent NAS hosts from being attacked. It detects onion routing and malicious bots every day, and dynamically updates the blocking list of malicious packets. Since most malware is routed through anonymous onion routing to avoid being traced, QNAP urges all QNAP NAS users to install QuFirewall immediately to work with us to block malware attacks."
By pushing out cloud-based malware definition updates based on the identified attack patterns, QNAP protected NAS devices from the ransomware threat without users having to install the patched app.
Automatic installation of app updates via the QTS App Center helped protect some internet-connected QNAP NAS devices from attack.
"QNAP amended NAS snapshots in 2021, preventing snapshots from being deleted by ransomware. In QTS 5.0.0, snapshots are enabled by default in Thin/Thick Volume. Users who create snapshots regularly can restore full NAS data to a specific point of time using snapshots," they explained.