QNAP has once again warned consumers and organizations using their network-attached storage (NAS) solution of a recently detected Deadbolt ransomware campaign. 

According to victim reports, the campaign appears to target QNAP NAS devices running outdated versions of QTS 4.x. According to Scott Bledsoe, CEO at Theon Technology, any NAS device is a big target for ransomware since it is used to store a significant amount of business critical data.

"Given the large number of QNAP NAS devices that are currently deployed, the Deadbolt ransomware can be used to target a wide variety of organizations for profit by the attackers," Bledsoe says. "To protect against ransomware or to prevent the leakage of sensitive data, all organizations should invest in encrypting their sensitive data at rest, and preferably with unique encryption keys per file or object. With granular encryption of data at rest, the compromise of a single encryption key will only result in a single item of information from being disclosed, and will prevent large-scale disclosure of sensitive information."

To secure NAS devices, QNAP recommends that users update QTS or QuTS hero to the latest version immediately, QNAP said in a security advisory. If the NAS device has already been compromised, QNAP asks users to take the screenshot of the ransom note to keep the bitcoin address, then upgrade to the latest firmware version, and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.

Last month, QNAP also urged users to update their NAS devices to avoid exposure to Deadbolt ransomware. 

Ryan McCurdy, Vice President of Marketing at Bolster, Inc., says, "The latest attacks on QNAP devices highlight an ongoing patching problem — many exposed instances clearly remain. A low-cost, high-payoff strategy will always be attractive to an array of attackers. It comes as no surprise as phishing attacks eclipse over 1,000,000 attacks in Q1 2022 — the most ever recorded per the APWG. According to Verizon's 2022 DBIR report, 80% of the breaches were attributed to stolen credentials; a direct example being DeadBolt ransomware."

McCurdy says, "Today, every piece of fraud has a digital component making people-based or legacy approaches nearly impossible to scale with the massive volume of data on the web. Throwing bodies and pointing solutions to this problem no longer works. In order to scale, it's critical that companies take a platform approach and leverage automation to detect, analyze, and take down fraudulent sites and content across the web, social media, app stores, marketplaces, and the dark web."