Taiwanese network-attached storage (NAS) devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks.
The intrusions are said to have targeted TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1, according to its product security incident response team.
“QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the internet,” QNAP said in an advisory.
This development marks the third time QNAP devices have come under assault from DeadBolt ransomware since the start of the year.
In late January, as many as 4,988 DeadBolt-infected QNAP devices were identified, prompting the company to release a forced firmware update. The second uptick in new infections was observed in mid-March.
DeadBolt attacks are also notable for the fact that they allegedly leverage zero-day flaws in the software to gain remote access and encrypt the systems.
According to a new report published by Group-IB, exploitation of security vulnerabilities in public-facing applications emerged as the third most used vector to gain initial access, accounting for 21% of all ransomware attacks investigated by the firm in 2021.
In the absence of readily available security updates, QNAP has offered workarounds, including “keeping the default value ‘1M’ for LimitXMLRequestBody” and disabling mod_sed, adding that the mod_sed feature is disabled by default in Apache HTTP Server on NAS devices running the QTS operating system.
Read more: https://bit.ly/3LutrVF
You can also read this: QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities