back to article DeadBolt ransomware takes another shot at QNAP storage

QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions. The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the …

  1. Pascal Monett Silver badge

    So, they're going after NASes now

    I have a Synoloy DS414j.

    I've checked my IP address on and I am not visible.

    My NAS unit is up to date.

    Do I have to worry ?

    1. Headley_Grange Silver badge

      Re: So, they're going after NASes now

      Don't know about your NAS, but unless you need it to be online I'd take it off the web. My QNAP's firewalled in both directions and I do updates manually. I don't know if they're going after QNAP because they are popular or because their software is vulnerable, but many posters on the QNAP boards are pretty critical of QNAP's OS. If I'd bought this as an online server I'd be pretty annoyed and QNAP don't make things easy for users. The advice to shut down unused apps and services is good, but it would be even better if I could just delete them permanently to stop them running in the first place; this is difficult (often requires Terminal access - you can't just delete them from the web UI) and then they just come back with the next update.

    2. Anonymous Coward
      Anonymous Coward

      Re: So, they're going after NASes now

      There are IMHO very few reasons why you should expose a NAS raw to the Net. If you really, really want to access it from somewhere else, set up a VPN or use an external provider who is set up for this.

    3. Captain Scarlet

      Re: So, they're going after NASes now

      Qnap, Asustor, etc... vulnerabilities have been made worse by making it far to easy to publish services, pointing fingers at them using uPnP and not really warning users "Are you sure you want your management UI available to everyone on the internet". Users who hadn't thought about security, only the features advertised are mostly affected (Which includes a friend of mine who I then had to ask what exactly he wanted, why do you want this and realising he only wanted Plex available, nothing else). I've had 2 minor issues with firmware updates so I let them automatically update.

      Just because it can have features accessible from anywhere doesn't mean you should use it.

      Also if you was to lose your data, can you live with that (I personally use my Qnap nas as a my backup and media server, it then replicates to an online service so in theory I have 2 backups as long as I check and make sure they are working).

  2. The Man Who Fell To Earth Silver badge
    Black Helicopters

    Can't imagine exposing a QNAP NAS to the web

    I own a QNAP TS473 configured as a RAID 10 12TB storage unit. I can't imagine exposing one of these NAS's directly to the web. I have seen nothing on it that would make me think it's hardened in any way despite it running McAfee & QNAP's Malware Remover. When I need to access it remotely, I VPN into the Pepwave Balance 20X that it's behind. I also have all of the IoT crap (including TV's, Roku's & Tivo's ) on a separate VLAN from the NAS, computers & printers, as I assume that IoT junk is the most likely route for something bad to get past the Balance's firewall on it's own since that crap is constantly chattering with the manufacturer's servers. But expose a QNAP NAS directly to the web, yikes no.

    1. sitta_europea Silver badge

      Re: Can't imagine exposing a QNAP NAS to the web

      "... on a separate VLAN ..."

      Oh, that's all right then.

      1. Danny 14

        Re: Can't imagine exposing a QNAP NAS to the web

        im not great at sarcasm so not aure if it was nor not. why is that not ok? Id say sensible to jave a firewall using different rules with no vlan routing. you can lock down your nas and lock down your iot.

        1. The Man Who Fell To Earth Silver badge
          Black Helicopters

          Re: Can't imagine exposing a QNAP NAS to the web

          Not sure what his issue is. What I left out was that the "separate VLANs" which are uniquely assigned to specific ports on the router run on separate physical Ethernet wiring which also connect to completely independent mesh WiFi network hardware (one set of hardware for each VLAN) with independent encryption keys. (The router's built-in WiFi isn't used.) So units on a given VLAN can't see packets from another VLAN even if their interfaces were in promiscuous mode & they were running packet sniffing software. (i.e. I don't rely on the VLAN packet tags for security over a common network. They are used by the router itself for it's own internal use sorting packets between the Internet & specific physical Ethernet ports connected to VLAN specific physical wiring to which that VLAN's unique WiFi hardware connects.) If the Pepwave router itself gets compromised, it's all over anyway, which is true no matter what.

          My original point is that I would not let a QNAP be exposed directly to the Internet. Too much of a black box.

    2. MasterofDisaster

      Re: Can't imagine exposing a QNAP NAS to the web

      If it's in a business environment just make sure no one is able to change configurations to punch-through and gain internet access.

  3. Kevin McMurtrie Silver badge

    A reason to have it visible

    If it's your backup drive, it might still need to work for mobile devices. VPN isn't always a practical solution because it's difficult to make multiple VPN connections coexist.

    Also, VPN is as good of an intrusion vector as anything else. There's no getting around the labor needed to keep remote access safe.

    1. Captain Scarlet

      Re: A reason to have it visible

      As a Qnap owner, it has an app called QVPN that makes this very easy to set this up with openvpn or whatever vpn you want

      1. Headley_Grange Silver badge

        Re: A reason to have it visible

        That will be the QVPN app written by the same people who wrote the vulnerable code that has seen QNAP NAS’s compromised so many times in the past couple of years?

    2. Anonymous Coward
      Anonymous Coward

      Re: A reason to have it visible

      I'd argue a good firewall implemented VPN like OpenVPN is infinitely less welcoming than QNAP's firmware.

  4. Andy The Hat Silver badge

    How secure is secure?

    Some of these units are aimed straight at the enterprise and *should* be secured to a reasonable level as the operator will know the product.

    Many are SOHO grade and not so rigorously maintained as the maintainer is "going with the flow" which really lays security in the lap of QNAP, Synology or whoever.

    I asked a question in a forum which was basically "can I restrict this app's access to a specific IP range?" The helpful answer from the senior community "font of all knowledge" was

    "Is your NAS open to the internet?"

    "Well, I don't think so. But I've got some seemingly 'required system apps' with all the services they require running in the background and I have no idea what they access."

    "Why are you worrying about it then?"

    Unfortunately that's the "high level" security support most ordinary users are faced with. Even when something is presented on a plate, instead of suggesting shutting everything by default then opening access as required "they" believe one door, possibly shut, possibly locked, possibly with the key still hanging in the lock is enough.

    1. Headley_Grange Silver badge

      Re: How secure is secure?

      In my experience the QNAP forum has more than its fair share of sanctimonious twats. Raise a ticket; support are sometimes helpful as long as you don’t couch it in terms of “since your OS is so insecure, how do I…….”

  5. Huey1


    Does anyone know how you exactly receive the decryption code?

    After paying the bitcoin amount, in what way do you receive the code.

    Any experiences?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like