What are you looking for ?
Advertise with us
RAIDON

Qnap Security Advisory QSA-22-24: Resolved DeadBolt Ransomware

DeadBolt ransomware appears to target NAS running Photo Station with Internet exposure.

Qnap Systems, Inc. had published a security advisory concerning DeadBolt ransomware campaign appears to target Qnap NAS devices running Photo Station with internet exposure.

Release date: September 3, 2022
Security ID: QSA-22-24
Severity: Critical
Affected products: Certain Qnap NAS running Photo Station with internet exposure

Status:
Resolved

Summary
The company detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022 (GMT+8). The campaign appears to target Qnap NAS devices running Photo Station with internet exposure.

The firm have already fixed vulnerability in following versions: 

  • QTS 5.0.1: Photo Station 6.1.2 and later

  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later

  • QTS 4.3.6: Photo Station 5.7.18 and later

  • QTS 4.3.3: Photo Station 5.4.15 and later

  • QTS 4.2.6: Photo Station 5.2.14 and later

Recommendation
To protect your NAS from DeadBolt ransomware, the company strongly recommends securing Qnap NAS devices and routers by following these instructions:

  1. Disable the port forwarding function on the router.

  2. Set up myQNAPcloud on the NAS to enable secure remote access and prevent exposure to the internet.

  3. Update the NAS firmware to the latest version.

  4. Update all applications on the NAS to their latest versions.

  5. Apply strong passwords for all user accounts on the NAS.

  6. Take snapshots and back up regularly to protect your data.

Setting Up myQNAPcloud on NAS

  1. Log on to QTS as an administrator.

  2. Open myQNAPcloud.

  3. Disable UPnP port forwarding.

    1. Go to Auto Router Configuration.

    2. Deselect Enable UPnP Port forwarding.

  4. Enable DDNS.

    1. Go to My DDNS.

    2. Click the toggle button to enable My DDNS.

  5. Do not publish your NAS services.

    1. Go to Published Services.

    2. Deselect all items under Publish.

    3. Click Apply.

  6. Configure myQNAPcloud Link to enable secure remote access to your NAS via a SmartURL.

    1. Go to myQNAPcloud Link.

    2. Click Install to install myQNAPcloud Link on your NAS.

    3. Click the toggle button to enable myQNAPcloud Link.

  7. Restrict which users can remotely access your NAS via the SmartURL.

    1. Go to Access Control.

    2. Next to Device access controls, select Private or Customized.
      Note: Selecting Private allows only the QNAP ID logged in to myQNAPcloud to access the NAS via the SmartURL. Selecting Customized allows you to invite other QNAP ID accounts to access the device via the SmartURL.

    3. If you selected Customized, click Add and specify a QNAP ID to invite the user.

  8. Obtain the SmartURL by going to Overview.
    For questions on using myQNAPcloud, visit
    this webpage  

Updating QTS

  1. Log on to QTS as an administrator.

  2. Go to Control Panel > System > Firmware Update.

  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.
    Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating All Applications

  1. Log on to QTS as an administrator.

  2. Open App Center.

  3. Locate Install Updates in the top-right corner of the window.

  4. Click All.
    A confirmation message appears.

  5. Click OK.
    QTS installs the latest versions of all applications.

Updating Photo Station

  1. Log on to QTS as administrator.

  2. Open the App Center and then click Qnap Loupe .
    A search box appears.

  3. Enter ‘Photo Station’.
    Photo Station appears in the search results.

  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your version is already up to date.

  5. Click OK.
    The application is updated.

Revision History: V1.0 (September 3, 2022) – Published

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E