QNAP NAS Device Advisory | March 2022

Ransomware group, Deadbolt, is targeting QNAP NAS devices. Here's what you need to know.

Background

In January 2022, a security researcher at Censys discovered that a new ransomware group, Deadbolt ransomware, had been targeting internet-connected QNAP Network Attached Storage (NAS) devices in an attempt to encrypt them. 


Quick facts: what you need to know now

  • After an initial flurry of activity in January against thousands of machines, there was far less activity in February. However, Deadbolt re-engaged with QNAP NAS servers in March and attacks are on the rise again. 
  • The majority of the devices identified by Censys were running the QNAP QTS Linux kernel version 5.10.60.
  • QNAP forced an update for all NAS customers using the known targeted version and have been urging them to secure their devices.

Next Steps for QNAP NAS Customers:

  1. Do not expose the QNAP NAS device to the Internet. 
  2. Consider alternative file hosting capabilities such as Microsoft OneDrive or Google Drive. 
    1. If the NAS is required, configure myQNAPcloud Link to access files more securely.
  3. Check this article periodically over the next few weeks as we will keep it updated as more information becomes available.

Resources


If you have any questions, please reach out to the Risk + Response Team at services@corvusinsurance.com!