Archive for June 19, 2022

QNAP Again Warning Of DeadBolt Ransomware Attacks… And That’s Not The Only Ransomware Attacking QNAP Devices

Posted in Commentary on June 19, 2022 by itnerd

The issues with QNAP NAS devices related to ransomware continue as there is a brand new warning from the company about the re-emergence of DeadBolt Ransomware:

QNAP recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target QNAP NAS devices running outdated versions of QTS 4.x.

We are thoroughly investigating the case and will provide further information as soon as possible.

The warning also includes advice as to how to secure your QNAP NAS from getting pwned. But QNAP has more ransomware variants to worry about. BleepingComputer is reporting that eCh0raix ransomware is a new concern for them:

This week, ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices again, according to user reports and sample submissions on the ID Ransomware platform.

ech0raix (also known as QNAPCrypt) had hit QNAP customers in multiple large-scale waves starting with the summer of 2019 when the attackers brute-forced their way into Internet-exposed NAS devices.

Since then, several other campaigns have been detected and reported by this ransomware strain’s victims, in June 2020, in May 2020, and a massive surge of attacks targeting devices with weak passwords that started in mid-December 2021 (right before Christmas) and slowly subsided towards early February 2022.

A new surge of ech0raix attacks has now been confirmed by a quickly increasing number of ID Ransomware submissions and users reporting being hit in the BleepingComputer forums [12], with the earliest hit recorded on June 8.

Now, one thing that this ransomware attack has highlighted is that this ransomware has hit Synology NAS devices in the past. But clearly QNAP is the main target here, as those NAS devices keep getting hit. That suggests to me that either Synology has improved the security of their NAS devices to stop this from happening, or QNAP needs to seriously up its game as they might be lacking in that area. Either way, this is more bad news for QNAP owners. Myself included.