Security experts from QNAP Systems uncovered a new ransomware variant actively targeting all Internet-connected Network-attached storage (NAS) devices. Tracked as DeadBolt, the ransomware reportedly compromises NAS devices that are not secured, encrypting users’ sensitive information for Bitcoin ransom. It is found that the DeadBolt ransomware campaign mostly encrypted the NAS devices located in the U.S., Hong Kong, Taiwan, Germany, France, Italy, South Korea, the U.K., the Netherlands, and Poland.
Based in Taiwan, QNAP is a manufacturer of NAS devices. QNAP researchers recommended that all QNAP NAS consumers follow the security setting instructions and update their products to prevent unauthorized intrusions.
The researchers stated that the NAS devices are prone to various cyberthreats if they are exposed to the Internet. To check whether your NAS device is exposed to the Internet:
QNAP suggested the below security instructions for NAS security:
Go to your router’s management interface, check the Virtual Server, NAT, or Port Forwarding settings, and disable the NAS management service port (port 8080 and 443 by default).
Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”
This is not the first that QNAP NAS devices have been under attack. Earlier, QNAP released a security advisory warning its users about a new cryptomining malware targeting its network-attached storage (NAS) devices. A NAS device is an internet-connected storage device that allows data storage and retrieval from a central location for authorized network users and clients. Once the malware infects a NAS device, the CPU usage becomes unusually high, where a process named “oom_reaper” could occupy around 50% of the total CPU usage. QNAP stated the infection could be removed by rebooting the affected devices. Read More Here…
The post Researchers Found New Ransomware DeadBolt Targeting NAS Servers appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor