QNAP branded Network Attached Storage (NAS) device users are being asked to rush to apply patches again. In a security bulletin spotted by Bleeping Computer, QNAP NAS users are warned that attacks by bad actors applying Deadbolt ransomware have been spotted by the QNAP Product Security Incident Response Team (QNAP PSIRT). The vulnerability being patched could leave you with your files encrypted unless you cough up some Bitcoin for a decryption key.
According to QNAP, there are two main families of its NAS devices being targeted with the Deadbolt ransomware: the TS-x51 series and TS-x53 series. If the word "main" sounds rather vague, QNAP explains further that the current attack wave is targeting NAS devices using the QTS 4.3.6 and QTS 4.4.1 operating systems. If you are still not quite sure if this affects you, you might as well check and apply any OS updates available anyway. Better safe than sorry. Moreover, QNAP is asking all of its users to "avoid exposing their NAS to the Internet."
If you are wondering about whether your NAS is exposed to the internet, QNAP provided guidance with regard to blocking such remote access back in January -— after its last set of warnings about Deadbolt ransomware vulnerabilities. At that time, it recommended users block port forwarding on their home router and disable UPnP in the NAS control panel, as well as toggling off SSH and Telnet connections. To use your NAS away from your home intranet, QNAP would prefer you to use your router VPN, if you have one, or to securely access your QNAP NAS via the Internet through myQNAPcloud Link app.
Those who get their NAS devices infected with Deadbolt ransomware will find it has hijacked your QNAP NAS device login page with a notice about what it has done, and ways to pay to get access to your files returned. Deadbolt will go through your files, encrypting them using the AES128 algorithm and appending .deadbolt extensions to the filenames. To recover your files you will be asked to pay a ransom in a Bitcoin transaction.
Bleeping Computer reports that Windows users affected by Deadbolt can use a free decryption app, published (opens in new tab) by ransomware expert Michael Gillespie. However NAS users won't have this option at their disposal and will have to pay up for the decryption key.