QNAP 'thoroughly investigating' new DeadBolt ransomware attacks


Level 62
Thread author
Top poster
Content Creator
Apr 24, 2016
Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware.

The company is urging users to update their NAS devices to the latest firmware version and ensure they're not exposed to remote access over the Internet.

"QNAP recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target QNAP NAS devices running QTS 4.x," QNAP said today.

"We are thoroughly investigating the case and will provide further information as soon as possible."

This warning follows multiple three other alerts the company has issued since the beginning of 2022 [1, 2, 3], all advising users to keep their devices up to date and not expose them to Internet access.
The company "strongly" recommends that all users immediately update the QTS or QuTS hero operating systems on their NAS devices to the latest version.

As QNAP said, upgrading the firmware on a compromised device will allow the built-in Malware Remover app to automatically quarantine the DeadBolt ransom note known to hijack the login page.

QNAP also advises those who cannot locate the ransom note after upgrading the firmware to enter the DeadBolt decryption key to reach out to QNAP Support for assistance.

However, before contacting QNAP's customer service, you should first try restoring the DeadBolt page using the steps detailed on this support page.

Because QNAP devices are also being targeted with other ransomware strains, including Qlocker and eCh0raix, all owners should keep their devices up to date to secure their data from future attacks.