If you have a QNAP NAS server, you should check that it is running the latest OS update, be it QTS, QuTS hero or QuTScloud, as all of them are affected by a (now fixed) vulnerability that allows arbitrary code execution. In the last few hours, a new ransomware called DeadBolt has been detected exploiting this vulnerability in old versions of the operating system to infect devices and encrypt all their data. Do you want to know how to protect yourself against this new ransomware?
DeadBolt, the new threat to QNAP NAS
In recent hours, users have started reporting in various forums that all the files on their NAS have been encrypted by this ransomware, which demands a ransom in Bitcoin to recover the encrypted data. This new ransomware targets all QNAP NAS servers that are exposed to the Internet without any kind of protection, exploiting a vulnerability already fixed in the latest versions of the operating system, with the aim of making money at the users' expense.
Manufacturer QNAP recommends the following:
- Update to the latest version of the QTS or QuTS hero operating system.
- Disable remote management of the NAS server, to ensure device security.
If the NAS has already been hacked, they recommend accessing the NAS administration website by entering the full URL, since it seems that the NAS does not redirect to the main website. In the web browser, enter http://nas_ip:8080/cgi-bin/index.cgi and log in with the usual credentials; they then recommend contacting QNAP technical support.
At RedesZone we have published a complete guide to protect QNAP NAS servers to avoid ransomware problems or hacks. In this tutorial you will be able to see if you are exposing the administration website to the outside, and you will also be able to disable the automatic port forwarding functionality through UPnP that the NAS has.
Which NAS are affected by the vulnerability exploited by DeadBolt?
All QNAP NAS servers running QTS 4.5.3 and later, or QuTS hero h4.5.3 and later, are affected by a newly discovered vulnerability. If this vulnerability is exploited, attackers will be able to execute any malicious code on the system. If the latest operating system updates are installed on the NAS, there is no problem, since they fix this security flaw. The following versions of the operating system are not affected:
- QTS 220.127.116.111 build 20211221 and later.
- QTS 18.104.22.1682 build 20211223 and later.
- QuTS hero h22.214.171.1242 build 20211222 and later.
- QuTScloud c126.96.36.1999 build 20220119 and later.
To force an update of the operating system, go to «Control Panel / System / Update Firmware», click on «check update», and the new update for the NAS server will appear. You can also download the latest firmware version from the website by entering the model of your NAS and downloading the image; you will then have to perform a manual update of the operating system.
So, if your QNAP NAS server is up to date, you don’t have to worry about this new ransomware. However, if you are using older versions, we recommend that you upgrade as soon as possible to avoid this security flaw and a subsequent ransomware infection.