Oh, boy, QNAP US users don’t seem to be able to catch a break since they were urged to fix their endpoints immediately again.
This time an unknown threat is looking for vulnerable QNAP NAS devices to deploy Deadbolt extortionists on.
Among the vulnerable devices are those running on QTS 4.3.6 and QTS 4.1.1 operating systems. This will include the TS-x51 series and the ST-x53 series, although probably not limited to the two.
No decoder
Those who are attacked will see a warning right on the login page that requires payment in bitcoins in exchange for a decryption key. All files at the affected endpoint will be encrypted using the AES128 algorithm and will have a .deadbolt extension for file names.
At the moment we do not know how high the demand for redemption.
Cybersecurity researcher Michael Gillespie recently published a decoder key for Deadbolt, but it seems to only work for Windows devices. At this time, it would seem, the only way to restore the device – is to actually pay a ransom.
Therefore, according to researchers, it would be better not to get infected in the first place. This can be achieved primarily by applying a patch that was already available to QNAP. The company also called NAS device owners to “avoid accessing their NAS to the Internet”.
To this end, users are encouraged to block port forwarding on their home router and disable UPnP on the NAS control panel. In addition, they must disable SSH and Telnet connections. Users can still access their NAS devices away from their home intranet by deploying a VPN and using the myQNAPcloud Link app.
Less than a month has passed since QNAP urged users to fix two vulnerabilities with a score of 9.8. At the time, it was said that bugs could be used for low-complexity attacks that did not require victim interaction.
Through: Tom’s equipment
https://www.techradar.com/news/qnap-nas-owners-told-to-patch-immediately-again/
