campaign targeting the vulnerability on the morning of September 3rd. The campaign appears to target QNAP NAS devices running Photo Station with internet exposure.

QNAP urges all QNAP NAS users to update Photo Station to the latest available version or switch to QuMagie.

QNAP patches a zero-day vulnerability in Photo Station being actively exploited by ransomware groups in the wild. The company stated that the attacks started a few days ago, exploiting the zero-day vulnerability. According to the data from the ID Ransomware service, attacks peaked on the 3rd and 4th of September. The DeadBolt ransomware group has been targeting NAS devices since early 2022.

Photo Station

The campaign that exploits the vulnerability targets NAS devices running Photo Station with internet exposure. The vulnerability is now fixed but the attacks continue, thus, the company urged all users to apply the patch as soon as possible. The company stated that QNAP Product Security Incident Response Team made an assessment and released the patch for the Photo Station app within 12 hours. QNAP also recommended using QuMagie as an alternative.

According to the security advisory, the vulnerability in the following versions is already fixed:

QTS 5.0.1: Photo Station 6.1.2 and later

QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later

QTS 4.3.6: Photo Station 5.7.18 and later

QTS 4.3.3: Photo Station 5.4.15 and later

QTS 4.2.6: Photo Station 5.2.14 and later

To protect your NAS from the DeadBolt ransomware, QNAP strongly recommends securing your QNAP NAS devices and routers by following these instructions:

Disable the port forwarding function on the router. Set up myQNAPcloud on the NAS to enable secure remote access and prevent exposure to the internet. Update the NAS firmware to the latest version. Update all applications on the NAS to their latest versions. Apply strong passwords for all user accounts on the NAS. Take snapshots and back up regularly to protect your data.

The company said,

« QNAP Systems detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet. QNAP Product Security Incident Response Team had made the assessment and released the patched Photo Station app for the current version within 12 hours. QNAP urges all QNAP NAS users to update Photo Station to the latest available version. QuMagie is a simple and powerful alternative to Photo Station. We recommend using QuMagie to efficiently manage photo storage in your QNAP NAS. We strongly urge that their QNAP NAS should not be directly connected to the Internet. This is to enhance the security of your QNAP NAS. We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked. »