Over the last few days, it would seem that QNAP storage systems have been hit yet again with another ransomware attack. This might be of note to a lot of media creation professionals because QNAP NAS systems are quite popular due to their speed, cost and amazing batch of features. But these ransomware attacks seem to be happening too frequently as this is the third one I can remember hearing about over the years. QNAP has published a document called Take Immediate Actions to Stop Your NAS from Exposing to the Internet, and Fight Against Ransomware Together which should be essential reading for those with a QNAP. I have an older QNAP server that I disconnected from the internet long ago. I do connect it on occasion for updates but for the most part, it’s able to continue working as a simple media server without any internet connection at all.
This QNAP attack is called deadbolt and seems to encrypt and lock files and asks for a ransom to be paid in bitcoin for release. But this I saw this comment on Twitter which doesn’t give you a lot of confidence if you’re hit and decide to pay the ransom:
Not always very skilled ransomware engineers though. Heard of cases where lots of data became corrupt despite being handed the decryption key.
— Sebastian Holmqvist (@csholmq) January 27, 2022
This current QNAP attack seems to have started late last year as Bleeping Computer noted QNAP NAS devices hit in surge of ech0raix ransomware attacks back in late December. I didn’t see any scuttlebutt on Twitter about this but then again, I’m not going around looking for it. This current attack came to my attention from someone asking about it in a Facebook group. It makes me wonder if QNAP is proactively contacting customers when these kinds of attacks are detected. This article from that Facebook group discussion is also a good one.
One of our friends of PVC was hit with a QNAP ransomware attack and he wrote about the experience last year: The Day After the Eve of Destruction – Our experience with the recent QNAP server attack. Hopefully others learned from that experience and maybe avoided this one.
The official QNAP forum FAQs have a specific thread on the deadbolt attack. As of this writing, it’s 14 pages long so if you’re wondering about it have been hit by it then this might be a good place to spend some time.
Otherwise, how about some Twitter discussion around the issue!?
I just got hacked. Ransomware named DeadBolt found an exploit in @QNAP_nas storage devices, encrypting all files. They ask $1,000 from individuals or $1.8 million from QNAP. I have 50tb of data there, none of it essential or sensitive, but it hurts a lot. Time for a fresh start. pic.twitter.com/E8ZkyIbdfp
— Lex Fridman (@lexfridman) January 27, 2022
Another Qnap vulnerability.. we talked about this last time – keep them behind your firewall! But boy they have to get their act together. https://t.co/gZlFkHxy2u
— Lon Seidman (@lonseidman) January 27, 2022
#QNAP seem to have a new #Ransomware attack: #Deadbolt. What’s the fix, QNAP?
Each customer being asked to pay 0.03 #BTC pic.twitter.com/1XS1liTZn2— Wireless-News (@news_wireless) January 25, 2022
#Deadbolt #QNAP #ransomware slowly spreads across 🇪🇺 https://t.co/MJxTEyVI7q pic.twitter.com/Q5H27Qxhyp
— tom (@the_hofmann) January 27, 2022