QNAP: Act Now to Mitigate DeadBolt Ransomware
A leading maker of network-attached storage (NAS) devices is urging customers to upgrade to the latest software version and reconfigure their systems in order to thwart a new ransomware campaign.
Taiwan vendor QNAP released a statement yesterday in response to the mounting threat from a new variant known as “DeadBolt.”
It advised customers to ensure their devices are not exposed to the internet, by opening the Security Counselor and checking if the dashboard displays the following message: “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”
If it does, organizations should check the Virtual Server, NAT or port forwarding settings, and disable the port forwarding setting of the NAS management service port – which, by default, means port 8080 and 443.
Next, they should disable UPnP by going to “myQNAPcloud” on the QTS menu, clicking “Auto Router Configuration,” and de-selecting “Enable UPnP port forwarding,” the vendor explained.
“DeadBolt has been widely targeting all NAS exposed to the internet without any protection and encrypting users’ data for Bitcoin ransom,” it warned.
“QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security