QNAP users angry after NAS drives are updated to combat DeadBolt ransomware | IT PRO
QNAP users angry after NAS drives are updated to combat DeadBolt ransomware
Concerns mount over the powers the NAS manufacturer has over users' products as users report non-consensual forced security updates
by: Connor Jones
28 Jan 2022
NAS drives lined up on a table against a gold background
Bigstock
QNAP customers have expressed anger towards the company after it forced a security update on large numbers of its users' network-attached storage (NAS) drives.
The NAS manufacturer announced on Wednesday that DeadBolt ransomware was "widely targeting" QNAP drives and locking out users until they paid a fee in Bitcoin. Numerous users began reporting that they had fallen victim to the ransomware campaign earlier this week after losing access to files.
QNAP warns of ransomware targeting internet-facing NAS products
Best NAS drives 2021: Which network storage appliance is right for you?
Western Digital NAS drive owners told to unplug their devices after malware attacks
A query sent to internet-facing device scanner Censys revealed 3,687 devices have already been encrypted by DeadBolt. In response, QNAP took the controversial step to force-update every users' firmware to the latest version on Thursday.
"We are trying to increase protection against DeadBolt," said an official QNAP support spokesperson in response to one complaint. "If recommended update is enabled under auto-update, then as soon as we have a security patch, it can be applied right away.
"Back in the time of Qlocker, many people got infected after we had patched the vulnerability. In fact, that whole outbreak was after the patch was released. But many people don't apply a security patch on the same day or even the same week it is released. And that makes it much harder to stop a ransomware campaign. We will work on patches/security enhancements against DeadBolt and we hope they get applied right away.
Concerns mount over the powers the NAS manufacturer has over users' products as users report non-consensual forced security updates
by: Connor Jones
28 Jan 2022
NAS drives lined up on a table against a gold background
Bigstock
QNAP customers have expressed anger towards the company after it forced a security update on large numbers of its users' network-attached storage (NAS) drives.
The NAS manufacturer announced on Wednesday that DeadBolt ransomware was "widely targeting" QNAP drives and locking out users until they paid a fee in Bitcoin. Numerous users began reporting that they had fallen victim to the ransomware campaign earlier this week after losing access to files.
QNAP warns of ransomware targeting internet-facing NAS products
Best NAS drives 2021: Which network storage appliance is right for you?
Western Digital NAS drive owners told to unplug their devices after malware attacks
A query sent to internet-facing device scanner Censys revealed 3,687 devices have already been encrypted by DeadBolt. In response, QNAP took the controversial step to force-update every users' firmware to the latest version on Thursday.
"We are trying to increase protection against DeadBolt," said an official QNAP support spokesperson in response to one complaint. "If recommended update is enabled under auto-update, then as soon as we have a security patch, it can be applied right away.
"Back in the time of Qlocker, many people got infected after we had patched the vulnerability. In fact, that whole outbreak was after the patch was released. But many people don't apply a security patch on the same day or even the same week it is released. And that makes it much harder to stop a ransomware campaign. We will work on patches/security enhancements against DeadBolt and we hope they get applied right away.
