This week, QNAP has a new ransomware threat called DeadBolt. In the announcement, there is a familiar twist: the mitigations are well-known. Indeed, this latest malware attack would be mitigated by simply following an article on STH or elsewhere.
QNAP Ransomware DeadBolt Targets Those Disregarding Security
A few weeks ago we discussed how you should Secure Your QNAP NAS Immediately From the Latest Wave of Attacks. QNAP has a feature called Security Counselor that we believe should be installed and used as part of the initial setup.
It has a check to detect whether the NAS can be accessed directly from the Internet, on both the administration service and web server sides.
Also, the security advisor can point you to disable the UPnP service.
These are the same two checks that prevent not only this but also the previous attacks from a few weeks ago.
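One way to confirm from the router side that UPnP has not opened a path to the NAS, as an added example that is not from the original article or from QNAP. It assumes a port-mapping listing in the layout printed by miniupnpc's `upnpc -l` (a tool the article does not mention); the sample listing, addresses and ports are constructed.

```python
import ipaddress
import re

# Constructed sample, in the layout printed by miniupnpc's `upnpc -l` (assumed tool).
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8080->192.168.1.20:8080  'NAS Web Admin' '' 0
 1 TCP   443->192.168.1.20:443   'NAS Web Server' '' 0
 2 UDP 51413->192.168.1.35:51413 'Torrent client' '' 0
"""

# index, protocol, external port -> internal address:port, 'description'
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext_port>\d+)->"
    r"(?P<int_addr>[\d.]+):(?P<int_port>\d+)\s+'(?P<desc>[^']*)'"
)


def parse_mappings(listing):
    """Return one dict per port mapping; header and unparseable lines are skipped."""
    mappings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if not m:
            continue
        try:
            int_addr = ipaddress.ip_address(m["int_addr"])
        except ValueError:
            continue  # malformed address, not a usable mapping line
        mappings.append({
            "proto": m["proto"],
            "ext_port": int(m["ext_port"]),
            "int_addr": int_addr,
            "int_port": int(m["int_port"]),
            "desc": m["desc"],
        })
    return mappings


def nas_exposures(listing, nas_ip):
    """Every mapping that forwards Internet traffic to the NAS address."""
    nas = ipaddress.ip_address(nas_ip)
    return [m for m in parse_mappings(listing) if m["int_addr"] == nas]


if __name__ == "__main__":
    # 192.168.1.20 is the constructed NAS address used in the sample above.
    for m in nas_exposures(SAMPLE_LISTING, "192.168.1.20"):
        print(f"EXPOSED: {m['proto']} {m['ext_port']} -> NAS port {m['int_port']} ({m['desc']})")
```

Any line it reports means the router is forwarding that port from the Internet to the NAS; an empty result for the NAS address is the state the two checks above aim for.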
While we would agree that QNAP can do more to increase security, at some point, the ecosystem also needs users to take some responsibility. QNAP NASes now have features more akin to traditional servers so we can see why someone may think to just expose them directly to the Internet. Still, victims of these attacks seem not to heed the normal advice of putting the NAS at least behind a firewall/VPN. There seems to be an education gap between those deploying these NAS units and the basic setup principles. Hopefully, QNAP can help on its end, but for our readers, please get this information out.
If our regular STH readers cannot tell, we recently heard of a small non-profit that fell victim to crypto locking ransomware. We are trying to make a better effort this quarter to make our readers aware, but really we want to have our readers spread the word to raise the level of education on this topic. Anyone with a credit card can buy a QNAP NAS, but we should be helping those who do not deal with IT regularly to know some basics. QNAP also needs to help, but we can do our part as an STH community.