September 7, 2022

QNAP has warned users of its network-attached storage (NAS) to upgrade to the latest version of Photo Station. This warning became necessary after attackers exploited a zero-day vulnerability in the software to launch a new DeadBolt ransomware attack.

Although details of the error have not yet been disclosed, QNAP advises users to take several security measures, including disabling port forwarding on the routers, preventing access to NAS devices on the internet, updating the NAS firmware, using strong passwords for user accounts, and making regular backups to prevent data loss.

“QNAP NAS should not be directly connected to the internet. We recommend users to make use of the myQNAPcloud Link feature provided by QNAP or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” the company said.

The problem has been fixed in the following versions, including QTS 5.0.1: Photo Station 6.1.2 and later, QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later, QTS 4.3.6: Photo Station 5.7.18 and later, QTS 4.3.3: Photo Station 5.4.15 and later, QTS 4.2.6: Photo Station 5.2.14 and later.

The latest attack marks the fifth round of DeadBolt attacks on QNAP devices since January 2022. DeadBolt comprised approximately 17,813 devices as of September 5, with infections soaring from 7,748 on September 1 to 19,029 on September 4. Most of the hacked devices are located in the U.S. (2,385), Germany (1,596), Italy (1,293), Taiwan (1,173), the U.K. (1,069), Hong Kong (995), Australia (684), and Canada (646).

The sources for this piece include an article in TheHackerNews.