Qnap has warned customers about a new wave of DeadBolt ransomware attacks. This time, the malware exploited a zero-day vulnerability in Photo Station, which the developers rushed to fix.
The Taiwanese manufacturer reports that the attacks began on September 3, 2022, targeting web-accessible Qnap NAS devices running affected versions of Photo Station.
So far, the problem has been quickly fixed in the following versions:
- QTS 5.0.1: Photo Station 6.1.2 and above;
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 or higher;
- QTS 4.3.6: Photo Station 5.7.18 and above;
- QTS 4.3.3: Photo Station 5.4.15 and above;
- QTS 4.2.6: Photo Station 5.2.14 and above.
Although the details of the vulnerability itself have not yet been disclosed, the developers urge users to update Photo Station to the latest version as soon as possible. It is also suggested as an alternative to replace Photo Station with the more secure photo management tool QuMagie. In addition, NAS owners are not recommended to connect to the Internet directly:
“We recommend using the myQNAPcloud Link feature provided by QNAP or enabling VPN,” the company wrote.
Let me remind you that the DeadBolt ransomware has been attacking NAS from various manufacturers since the beginning of 2022. Basically, the ransomware “specializes” on Qnap devices, but attacks on ASUSTOR NAS have also been detected.