QNAP warned its clients about a recent ransomware assault of a new DeadBolt variety. All QNAP NAS devices should be running the most recent firmware. The attacks appear to be aimed at QNAP NAS systems running QTS 4.x.

With a new round of attacks spreading the DeadBolt ransomware, QNAP, a provider of network-attached storage (NAS), issued a reminder to its clients on Friday to protect their equipment. To prevent unauthorized remote access through the Internet, the company recommends consumers upgrade the firmware on their NAS systems to the most recent version. DeadBolt is a ransom note that has been known to hijack the login page, but QNAP claims that if you update the firmware on a compromised device, the built-in Malware Remover program will immediately quarantine the message.

When run on a hacked NAS device, DeadBolt encrypts files with AES128 and appends a.deadbolt extension to their names. 

Michael Gillespie, a ransomware expert, has produced a free Windows decryptor that can help decrypt files without utilizing the executable provided by DeadBolt. However, QNAP owners infected with this ransomware will still be required to pay the ransom in order to obtain a legitimate decryption key in order to restore their data.

In February, the DeadBolt ransomware purportedly used a zero-day vulnerability to infect ASUSTOR NAS equipment. 

QNAP Users Again Under Ransomware Attacks