Qnap forces updates on customers in response to Deadbolt ransomware campaign

In a desperate attempt to stop the Deadbolt ransomware campaign, Qnap itself has forced updates to its NAS operating system on customers. That, in turn, raises questions about Qnap’s access to its customers’ devices.

Qnap users are being targeted by a new ransomware campaign: Deadbolt. The NAS manufacturer has been warning users since last year to update their servers to the latest version of the QTS operating system. Furthermore, the company proactively communicated security measures customers could take. Unfortunately, many did not heed them, resulting in a wave of Deadbolt infections.

Forced update

In an effort to end the encryption of data on Qnap NAS appliances by Deadbolt, Qnap took drastic action last week. Following a warning message in the notification center, the company itself forced an update to all servers still running a vulnerable version of the operating system. Anyone who had a device that was not yet infected by Deadbolt but was vulnerable is thus basically protected again.

However, the action raises several questions. For example, Qnap was able to install the update on all users' devices, even when those users had clearly unchecked the option to update automatically. Users therefore wonder what control Qnap still has over their servers.

Disappeared decryptor

Furthermore, the action caused problems for people who had already paid the ransom but had not yet decrypted their data. Indeed, the update removes all traces of Deadbolt, so the decryption tool also disappears. Several victims had thus paid ransom but were still unable to access their data due to Qnap’s action. Security company Emsisoft therefore launched its own free decryptor. It only works with the right key from the hackers, but at least guarantees that whoever obtained a key after payment can unlock data again.

Meanwhile, the attack is degenerating into a farce. For their part, the hackers point to Qnap’s responsibility. There was indeed a leak in Qnap’s software, but the company closed that zero-day some time ago. Customers' refusal to update is what allows Deadbolt to claim so many victims, which of course does not reflect well on Qnap. The company is trying to better secure its customers’ devices with firm measures, but in doing so causes another uproar. One lesson we can learn again, though: when a security update is available, install it.