back to article Targeted ransomware takes aim at QNAP NAS drives, warns vendor: Get your updates done pronto

QNAP has urged NAS users to act "immediately" to install its latest updates and enable security protections after warning that product-specific ransomware called Deadbolt is targeting users' boxen. "DeadBolt has been widely targeting all NAS exposed to the internet without any protection and encrypting users' data for Bitcoin …

  1. Sandtitz Silver badge
    Facepalm

    "I have 50tb of data there, none of it essential"

    Makes one think what an earth he was hoarding there...

    Also, I sincerely hope he's not lecturing about infosec at MIT.

    1. Richard Boyce

      Re: "I have 50tb of data there, none of it essential"

      I am surprised that he wrote tb instead of TB.

  2. fidodogbreath Silver badge

    Welp

    Hosting one's own private cloud is not without risk.

    1. Androgynous Cow Herd

      Re: Welp

      if it's private...it's not a cloud.

      NAS + port forwarding != "private cloud"

  3. Anonymous Coward
    Anonymous Coward

    External Facing Madness

    I have never understood why people need to expose everything. AND have UPnP? Hackers paradise.

    At least hide it behind a VPN and narrow that attack face.

    Oh - and 50TB is easy if that was a film and video collection.

    1. jtaylor Bronze badge

      Re: External Facing Madness

      "50TB is easy if that was a film and video collection."

      Indeed. Plex library, digital photos (I shoot RAW), host backups, virtual machine disks...it's amazing how quickly the TB fill up.

      1. TimMaher Silver badge

        Re: RAW

        Yup. That is really greedy but, you know, you really do want the unmodified originals.

    2. Mark 65 Silver badge
      Joke

      Re: External Facing Madness

      I have never understood why people need to expose everything

      Treat your NAS like it was your genitals? Take good care, minimal public exposure.

  4. Pascal Monett Silver badge

    "if your NAS is internet-facing"

    If it is, you're a fool.

    I don't care what excuses you have, allowing Internet access to your own treasure trove is asking for trouble. You are not an Infosec expert (on average) and you have no idea of what kind of nasties are floating around with the sole goal of finding your kit and ruining your day.

    Convenience be damned, secure your data and cut that NAS from a world of hurt.

  5. Captain Scarlet Silver badge
    Holmes

    Still sticking with QNAP tbh

    Like any consumer grade NAS its just not worth having them internet facing (As they are designed for convenience), for any QNAP users they should be aware of the security nagging for a number of years. The apps can be set to update daily, firmware is supposed to self update however I normally update this myself when it notifies via email that it has a new firmware version to install.

    The biggest issue I see (I do lurk from time to time on the Qnap forums) has been weak passwords, putting everything on the internet (MyQnapCloud has a uPnP option which might make it easy to setup means non technical users are exposing the management interface, etc...) and not disabling the admin root account. I can't see this changing anytime soon. As it seems QNap's popularity is biting I admit myself to removing everything internet facing and now using VPN for the management interface.

    1. Headley_Grange Silver badge

      Re: Still sticking with QNAP tbh

      Captain - how do you get email notifications of firmware updates?

      1. Captain Scarlet Silver badge
        Thumb Up

        Re: Still sticking with QNAP tbh

        It is a bit hidden, I've double checked and do the following

        1. Login

        2. Click the notification bell icon in their Gui top right or the 3 horizonal lines in top left

        3. Click Notification Centre

        4. Click System Notification Rules

        5. Scroll to Firmware Update and ensure the box is clicked (You will be able to see a lot of other alerts you can choose here also).

        If smtp isnt stup click the Methods and Recipients tab and you can setup the notification method there.

        1. Headley_Grange Silver badge

          Re: Still sticking with QNAP tbh

          Aah - OK. Won't work for me cos my QNAP doesn't get access to the web, so it won't know if there's an update. I assumed you were getting emails directly from QNAP. Thanks for getting back, though.

          1. Captain Scarlet Silver badge

            Re: Still sticking with QNAP tbh

            Ah ok sorry I should have made that clear, I am on Qnaps mailing list for security vulnerabilities but must admit it would be useful if there was one for Firmware updates.

            Then again the huge range they now have might make that a pain, especially if they follow HP's route for product update emails.

  6. Korev Silver badge

    Why does it only seem that QNAP is affected by these worms; don't the miscreants like Synology etc or are QNAP's security practices in need of improvement?

    1. Headley_Grange Silver badge

      Dunno, but it is a bit worrying. The previous security bulletin advised disabling the default Admin account and use strong passwords, so it looked like brute-force attacks were the problem - and Synology reported some BF attacks around the same time. The advice they give now is to disable ports 8080 & 443 and update. This seems to imply that it's something other than brute force that's getting the malware in and it's a bit worrying.

      Mine's behind a firewall with manual updates and that's where it will stay.

      1. Korev Silver badge

        My Synology is also behind a firewall with all of the Internet-facing stuff disabled too

    2. Mark 65 Silver badge

      Why does it only seem that QNAP is affected by these worms; don't the miscreants like Synology etc or are QNAP's security practices in need of improvement?

      The latter. See the part in the article about not addressing a disclosure until it became public domain.

  7. SMDTS

    Their "cloud" service doesnt work correctly without port forwarding or upnp, so now I am left with a device that doesn't do what I paid for. I thought the whole point of cloud connectivity on a nas was so it didnt need to be exposed to the web to be fully functional but apparently qnaps definition differs.

    1. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022