Security News
Network-attached storage vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. "QNAP recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target QNAP NAS devices running QTS 4.x," QNAP said today.
Taiwanese network-attached storage devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. "QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the internet," QNAP said in an advisory.
Taiwan-based network-attached storage maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads."According to the investigation by the QNAP Product Security Incident Response Team, the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series," the NAS maker said.
Deadbolt ignores the desktops and laptops on your network, instead finding and attacking vulnerable network-attached storage devices directly over the internet. If you'd inadvertently set up your backup device so that its web portal was accessible from the "Internet side" of your network connection - the port that's probably labelled WAN on your router, short for wide-area network - then anyone who knew the security hole patched in QSA-21-57 could attack your backup files directly.
DeadBolt ransomware has resurfaced in a new wave of attacks on QNAP that begin in mid-March and signals a new targeting of the Taiwan-based network-attached storage devices by the fledgling threat, researchers said. Researchers from Censys, which provides attack-surface management solutions, said they observed DeadBolt infections on QNAP gear ramp up slowly starting March 16, with a total of 373 infections that day.
ASUSTOR network-attached storage devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. The attacks primarily affect internet-exposed ASUSTOR NAS models running ADM operating systems including, but not limited to, AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T. Much like the intrusions targeting QNAP NAS devices, the threat actors claim to be using a zero-day vulnerability to encrypt ASUSTOR NAS devices, demanding that victims pay 0.03 bitcoins to recover access.
The DeadBolt ransomware is now targeting ASUSTOR NAS devices by encrypting files and demanding a $1,150 ransom in bitcoins. Similar to the DeadBolt ransomware attacks that targeted QNAP NAS devices last month, the threat actors claim to be using a zero-day vulnerability to encrypt ASUSTOR NAS devices.
Taiwanese company QNAP has warned customers to secure network-attached storage appliances and routers against a new ransomware variant called DeadBolt. "QNAP urges all QNAP NAS users to [] immediately update QTS to the latest available version."
"Recently the QNAP Product Security Incident Response Team detected that cybercriminals are taking advantage of a patched vulnerability, described in the QNAP Security Advisory, to launch a cyberattack," the NAS maker said today. "On January 27, 2022, QNAP set the patched versions of system software as 'Recommended Version.' If auto update for 'Recommended Version' is enabled on your QNAP NAS, the system will automatically update to certain OS version to enhance security and protection of your QNAP NAS, mitigating the attack from criminals."
Delta Electronics, an electronics company that provides products for Apple, Tesla, HP and Dell, disclosed Friday that "Non-critical systems" were attacked by "Overseas hackers" - an attack that's been attributed to the Conti Group. Taiwanese storage and networking equipment provider QNAP Systems forced out an update to its customers' network attached storage devices after warning them earlier this week that the DeadBolt ransomware was in offensive mode against them.