• notebookcomputer
  • 03/03/2023

QNAP ransomware victims dealt double blow as firmware update hampers decryption

"Recommended version does not apply to every update," said QNAP support. "So people did not realise recommended update was enabled on their NAS. But after Deadbolt, we released a recommended update to protect from deadbolt. Because this update was set as a "recommended version", NAS with "recommended version" enabled updated.

"Having recommended version enabled by default did allow us to protect many NAS units. But if anyone does not want this feature, they can disable it."

The company added that it understood services could be interrupted during the update and that it is always looking to improve its products. Users can find further information in QNAP's official statement.

Chief points of contention were echoed in response to today's announcement with some users saying Universal Plug and Play (UPnP), a set of networking principles allowing devices to discover others on a shared network, should be disabled by default. This will disable port forwarding and secure the device, for the most part, from attacks such as the DeadBolt incident.

Others reiterated their concern over the absent warning users were given that an automatic update was coming, while one complaint that QNAP said it would consider implementing, was that firmware versions should have been backported so fixes could have been applied to users on both versions 4.x and 5.x.

QNAP released a security update on 27 January for the DeadBolt ransomware campaign it said had been "widely targeting" users' devices for a number of days. This was automatically initiated for all QNAP customers sparking fury in the community.

More than 3,000 NAS drives were successfully encrypted with DeadBolt ransomware with ransom demands ranging between 0.3 Bitcoin to 50 Bitcoin for decryptor tools. Many individual and business users reported paying the ransom to restore access to their data at the time.

QNAP ransomware victims dealt double blow as firmware update hampers decryption

QNAP justified the forced update as a difficult but necessary decision to secure the majority of NAS products around the world, but users expressed anger towards the firm for issuing the automatic patch.

Many owners of NAS drives operate on older firmware versions for various reasons, and updating to newer, safer releases can be an arduous process given the highly individualised configurations running from user to user.

Share on FacebookShare on TwitterShare on LinkedInShare via EmailFeatured Resources

Building data-driven government with the Microsoft Power Platform

How to break down data silos and reap valuable data insights

Free Download

Improve security and compliance

Adopting an effective security and compliance risk management approach

Free Download

Taking the lead on IT automation

IT leaders as evangelists for their automation strategies

Free Download

The best defence against ransomware

How ransomware is evolving and how to defend against it