Qnap warned customers about a new wave of DeadBolt ransomware attacks: this time, the malware exploited a 0-day vulnerability in Photo Station, which the developers rushed to fix.
Let me remind you that we also reported that Qnap forces updates to be installed because DeadBolt ransomware hacked 3600 NAS.The Taiwanese manufacturer reports that the attacks began on September 3, 2022, targeting web-accessible Qnap NAS devices running affected versions of Photo Station.
Splash of attacks recorded by Ransomware ID
So far, the problem has been quickly fixed in the following versions:
- QTS 5.0.1: Photo Station 6.1.2 and above;
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 or higher;
- QTS 4.3.6: Photo Station 5.7.18 and above;
- QTS 4.3.3: Photo Station 5.4.15 and above;
- QTS 4.2.6: Photo Station 5.2.14 and above.
Although the details of the vulnerability itself have not yet been disclosed, the developers urge users to update Photo Station to the latest version as soon as possible. It is also suggested as an alternative to replace Photo Station with the more secure photo management tool QuMagie. In addition, NAS owners are not recommended to connect to the Internet directly:
Let me remind you that the DeadBolt ransomware has been attacking NAS from various manufacturers since the beginning of 2022. Basically, the ransomware “specializes” on Qnap devices, but attacks on ASUSTOR NAS have also been detected.
The attackers reported that they were ready to sell the master key, which will help to decrypt the files of all the victims, and sell all information about 0-day in the ASUSTOR NAS for 50 bitcoins, that is, for almost 1.9 million US dollars. Approximately the same requirements attackers tried to put forward and the company Qnap.
