Researchers Found New Ransomware DeadBolt Targeting NAS Servers

Network-attached storage (NAS) device manufacturer QNAP warns users about a new ransomware variant, DeadBolt, targeting its devices.

Security experts from QNAP Systems uncovered a new ransomware variant actively targeting all Internet-connected network-attached storage (NAS) devices. Tracked as DeadBolt, the ransomware reportedly compromises NAS devices that are not secured, encrypting users’ sensitive information for a Bitcoin ransom. The DeadBolt ransomware campaign was found to have mostly encrypted NAS devices located in the U.S., Hong Kong, Taiwan, Germany, France, Italy, South Korea, the U.K., the Netherlands, and Poland.

Based in Taiwan, QNAP is a manufacturer of NAS devices. QNAP researchers recommended that all QNAP NAS consumers follow the security setting instructions and update their products to prevent unauthorized intrusions.

How to check whether your NAS is exposed to the Internet

The researchers stated that NAS devices are prone to various cyberthreats if they are exposed to the Internet. To check whether your NAS device is exposed to the Internet:

  • Open the Security Counselor on your QNAP NAS.
  • Your NAS is exposed to the Internet and at high risk if the dashboard shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”

QNAP suggested the following security instructions for NAS security:

1. Disable the Port Forwarding function of the router

Go to your router’s management interface, check the Virtual Server, NAT, or Port Forwarding settings, and disable forwarding of the NAS management service ports (ports 8080 and 443 by default).

2. Disable the UPnP function of the QNAP NAS

Go to myQNAPcloud on the QTS menu, click “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”

NAS Devices Under Attack!

This is not the first time that QNAP NAS devices have been under attack. Earlier, QNAP released a security advisory warning its users about a new cryptomining malware targeting its network-attached storage (NAS) devices. A NAS device is an internet-connected storage device that allows data storage and retrieval from a central location for authorized network users and clients. Once the malware infects a NAS device, CPU usage becomes unusually high, and a process named “oom_reaper” could occupy around 50% of the total CPU usage. QNAP stated the infection could be removed by rebooting the affected devices.