QNAP Warns Customers of New Wave of Deadbolt Ransomware Attacks

Taiwan-based network-attached storage (NAS) device manufacturer QNAP has warned its customers of a new series of attacks using Deadbolt ransomware.

The fresh wave of intrusions reportedly targets TS-x51 and TS-x53 series devices that run on QTS 4.3.6 and 4.4.1, as the company’s Product Security Incident Response Team (QNAP PSIRT) reports.

“The attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series,” QNAP said in a security advisory. The wording in the advisory may hint that the compromise of more devices is suspected.

“QNAP urges all NAS users to check and update QTS to the latest version as soon as possible and avoid exposing their NAS to the Internet,” the document continues.

This is not the first time QNAP NAS devices have fallen victim to the ruthless Deadbolt ransomware attacks. March saw the discovery of a new Linux kernel vulnerability dubbed ‘Dirty Pipe’ that could be leveraged against QNAP products.

Prior to that, the company urged customers to enable automatic firmware updating on their devices after discovering a new attack aimed at a previously patched vulnerability. Not only that, but QNAP also pushed emergency updates to potentially affected devices after Deadbolt encrypted the data of several customers.

Although the company refused to say how many infections the new wave of attacks has caused, they stated that no updated device was afflicted, The Record reported.

Deadbolt is a vicious ransomware attack that damages all the files on infected devices, adding the “.deadbolt” extension to each file as it encrypts them. The attack is notorious for the fact that threat actors use it in conjunction with zero-day flaw exploitation to breach systems and encrypt files on them.