
The Cyber Security News

Latest Cyber Security News


QNAP users angry after NAS drives are updated to combat DeadBolt ransomware

January 28, 2022


QNAP customers have expressed anger toward the company after it forced a security update on large numbers of its users’ network-attached storage (NAS) drives.

The NAS manufacturer announced on Wednesday that DeadBolt ransomware was “extensively focusing on” QNAP drives and locking out users until they paid a fee in Bitcoin. Numerous customers began reporting earlier this week that they had fallen victim to the ransomware campaign after losing access to files.


A query sent to internet-facing device scanner Censys revealed 3,687 devices have now been encrypted by DeadBolt. In response, QNAP took the controversial step of force-updating every user’s firmware to the latest version on Thursday.

“We are hoping to boost safety from DeadBolt,” said an official QNAP support spokesperson in response to one complaint. “If encouraged update is enabled under auto-update, then as soon as we have a security patch, it can be utilized right away.

“Back in the time of Qlocker, several folks got contaminated after we had patched the vulnerability. In fact, that whole outbreak was after the patch was released. But many folks do not apply a security patch on the same day or even the same week it is released. And that makes it a lot harder to stop a ransomware campaign. We will work on patches/security enhancements against DeadBolt and we hope they get applied right away.

“I know there are arguments both ways as to whether or not we should do this. It is a hard decision to make. But it is because of DeadBolt and our desire to stop this attack as soon as possible that we did this.”

QNAP’s actions have been met with anger from the community. Some say users’ NAS drives, many of which have finely tuned and individualised configurations that break with certain updates, are just as vulnerable now as they were to DeadBolt if they did not update to the latest, most secure firmware version.

“You may have had good intentions, but what you did was wrong,” said one user in direct response. “You should have rolled out notifications for an emergency update or patch and let users decide.

“If users decide against the update and then get owned by Deadbolt, that is on them. By forcing the update, anybody who has lost data, as a result, is no better off than if Deadbolt had owned them, but worse you have opened QNAP up to legal liability for that loss.”

Other users expressed concern over QNAP’s ability to force a change on the hardware they own without first asking permission. Customers raised questions around what other powers QNAP has over users’ NAS drives, and what the company can do with data stored on them.

For many, the only sign that an update was going to be applied was one small ‘beep’. When users investigated what was happening, they found their drive in the middle of rebooting after downloading an update.

Despite the issue, many reports tell of positive experiences with the update. But given that NAS drives are notoriously laborious to update safely without compromising the intricate configurations users build for their unique environments, other users described deliberately avoiding the update that was ultimately forced on them.

Timeline of .deadbolt attacks

On 10 January 2022, IT Pro reported QNAP’s original security statement that it was aware of cyber attackers targeting its NAS drives with ransomware, urging users to update their firmware as soon as possible.

No details of the ransomware strain were disclosed at the time, nor was the scope of the attackers’ targeting, but full details on how to secure drives from outside attacks were provided by the manufacturer.

On Tuesday 25 January 2022, individual and business users started reporting successful DeadBolt attacks, with their files being replaced with DeadBolt versions of themselves. Among the victims was high-profile podcast host and MIT research scientist Lex Fridman, who provided screenshots of the messages displayed to users and ransom payments.

I just got hacked. Ransomware named DeadBolt located an exploit in @QNAP_nas storage gadgets, encrypting all files. They ask $1,000 from men and women or $1.8 million from QNAP. I have 50tb of info there, none of it vital or sensitive, but it hurts a lot. Time for a fresh start. pic.twitter.com/E8ZkyIbdfp

— Lex Fridman (@lexfridman) January 27, 2022

Users were asked for 0.3 Bitcoin (around £8,100) as a ransom demand. A separate message was also sent to QNAP itself, demanding a payment of 5 Bitcoin (about £136,500) for details of the alleged zero-day vulnerability used to exploit the NAS drives, or a total of 50 Bitcoin (around £1.3 million) for the universal decryptor and zero-day details.

“It makes me nauseous to say this, but this is true,” said another user. “My first client just got hit. Files in File Station will have a .deadbolt extension on them. This client had a secure password, and 2 factor authentication set up. I have just reported this directly. I was expecting to have a good week this week. I guess that is not going to be the case for me.”

On Wednesday 26 January, QNAP released an official security statement urging customers to update their devices and “fight ransomware together”. The following day, reports started emerging of forced security updates.

An unpleasant pattern

The targeting of QNAP’s NAS drives is the latest episode in a new trend of cyber attackers targeting internet-facing storage devices. In June 2021, Western Digital customers were similarly targeted with data-wiping malware.

Affected devices hadn’t received security updates since 2015 at the time of the attack, with some users reporting total factory resets of their devices and others losing terabytes of data, IT Pro reported.

In response, Western Digital made the unorthodox recommendation to customers that they simply unplug their storage devices to protect against further malware attacks.




Some parts of this article are sourced from:
www.itpro.co.uk
