Many users of QNAP's network attached storage (NAS) are still captives of the Deadbolt ransomware, which began spreading early last week.
On Tuesday (25/1/2022), QNAP users flooded the Reddit forum and the QNAP forum to report that their network storage device was a victim of ransomware.
According to Censys, there are 130 thousand QNAP NAS devices and nearly 5000 QNAP services showing "symptoms" of being infected with Deadbolt ransomware. The number of infected services then dropped to nearly 4000 last Friday.
"This could be for a variety of reasons, we are still investigating if we can see the reason behind this," said a Censys spokesperson when speaking about the drop in infection rates.
On Wednesday (26/1/2022), QNAP did force users to update their NAS operating system called QTS. QTS is a Linux-based operating system developed by the Taiwanese company.
According to MalwareBytes, QNAP deploys automatic updates that will automatically be downloaded and installed on its NAS. Namely firmware version 5.0.0.1891. QNAP argues, they forced the update because many users have not updated the OS even though it has been available since January 7.
"We think many people don't see the update message. We are trying to improve protection against deadbolts. If automatic updates are turned on then when we have a security patch, it can be installed immediately," explained a QNAP spokesperson.
However, even on updated devices, one user reported being exposed to ransomware. But QNAP is silent on this issue.
Deadbolt, in his message contained in the ransomware, demanded a ransom of 0.03 BTC which is equivalent to USD 1,100 to unlock the ransomware. They also stated that this was not a personal attack.
The ransomware maker also offers a universal key to unlock the ransomware for 50 BTC.