Qnap Security Advisory Bulletin ID: QSA-22-19

Qnap Systems, Inc.had published security enhancement against security vulnerabilities that could affect specific versions of the company’s products.

Use the following information and solutions to correct the security issues and vulnerabilities.

DeadBolt Ransomware
Release date: June 17, 2022 
Security ID: QSA-22-19 
Severity: Critical 
Affected products: Certain Qnap NAS

Summary
The company recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target firm’s NAS devices running QTS 4.x.

The company is thoroughly investigating the case and will provide further information as soon as possible.

Recommendation
To secure your NAS, we strongly recommend updating QTS or QuTS hero to the latest version immediately.
If your NAS has already been compromised, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.

If you want to input a received decryption key and are unable to locate the ransom note after upgrading the firmware, contact Qnap Support for assistance.

Updating QTS or QuTS hero

1. Log on to QTS or QuTS hero as an administrator using one of the following URLs in a web browser:

   • http://nas_ip:8080/cgi-bin/index.cgi

   • https://nas_ip/cgi-bin/index.cgi 
     Note: Replace ‘nas_ip’ with your NAS IP address. 

2. Go to Control Panel > System > Firmware Update.

3. Under Live Update, click Check for Update. 
   QTS or QuTS hero downloads and installs the latest available update.

Tip: You can also download the update from the company’s website. Go to Support > Download Center and then perform a manual update for your specific device.

Revision history: V1.0 (June 17, 2022) – Published