Friday, May 23, 2025
HomeCVE/vulnerabilityQNAP Warns of DeadBolt Ransomware Attacks Exploiting a Zero-day Flaw

QNAP Warns of DeadBolt Ransomware Attacks Exploiting a Zero-day Flaw

Published on

SIEM as a Service

Follow Us on Google News

QNAP Systems, Inc found a new DEADBOLT ransomware attacks that exploits zero-day vulnerability in Photo Station. QNAP urges all QNAP NAS users to update Photo Station to the latest available version.

“QNAP® Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet,” security notice from QNAP.

The company noticed DeadBolt ransomware campaign on September 3rd, 2022. “The campaign appears to target QNAP NAS devices running Photo Station with internet exposure”, QNAP.

- Advertisement - Google News

The company did not share CVE for the vulnerability however the company fixed the Photo Station vulnerability within 12 hours of its use by DeadBolt actors and advised users to take a range of actions to protect themselves, including making sure their devices are not exposed to the internet.

A surge in DeadBolt submissions to ID Ransomware

A surge in DeadBolt submissions to ID Ransomware (BleepingComputer)

The attacks were extensive, with the ID Ransomware service seeing a surge in submissions on Saturday and Sunday.

Patches Released

  • QTS 5.0.1: Photo Station 6.1.2 and later
  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
  • QTS 4.3.6: Photo Station 5.7.18 and later
  • QTS 4.3.3: Photo Station 5.4.15 and later
  • QTS 4.2.6: Photo Station 5.2.14 and later

The company says that QuMagie is a simple and powerful alternative to Photo Station. Therefore it is recommended using QuMagie to efficiently manage photo storage in your QNAP NAS.

 “We strongly urge that their QNAP NAS should not be directly connected to the internet. We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service.” – QNAP.

How to Protect your NAS from the DeadBolt Ransomware? 

  • Disable the port forwarding function on the router.
  • Set up myQNAPcloud on the NAS to enable secure remote access and prevent exposure to the internet.
  • Update the NAS firmware to the latest version.
  • Update all applications on the NAS to their latest versions.
  • Apply strong passwords for all user accounts on the NAS.
  • Take snapshots and back up regularly to protect your data.

Secure Azure AD Conditional Access – Download Free White Paper

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation

The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov,...

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet...

Global Crackdown Nets 270 Dark Web Vendors in Major Arrests

A sweeping international crackdown, codenamed Operation RapTor, has dealt a significant blow to the...

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation

The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov,...

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet...

Global Crackdown Nets 270 Dark Web Vendors in Major Arrests

A sweeping international crackdown, codenamed Operation RapTor, has dealt a significant blow to the...