Owners of QNAP network attached storage (NAS) devices received a one-two punch this week in the form of a ransomware attack and a forced update.

A relatively new ransomware gang named Deadbolt made waves earlier this week by exploiting a zero-day vulnerability in QNAP devices that allowed them to encrypt some 3600 devices that were accessible via the internet. In response, QNAP created a firmware patch and forced it to install on all NAS devices, even in instances where auto-updates were disabled. 

The forced update rebooted QNAP’s NAS devices, leading to widespread confusion among IT professionals who had no context for the unexpected downtime. It also disrupted the decryption process for device owners who opted to pay the Deadbolt gang the demanded ransom for access to their files (roughly $1000 in bitcoin).

While the actions of QNAP seemed both disruptive and perhaps even heavy-handed at first, it highlights the unenviable conflict many hardware and software companies are faced with when major vulnerabilities are exposed in their products. 

Many companies and organizations are lax at best when it comes to installing patches to critical vulnerabilities, and the discovery of said vulnerabilities automatically puts a target on the backs of their customer bases. In this respect, issuing forced updates with patches the moment they’re released helps mitigate potentially disastrous scenarios for their customer base.

On the other hand, as we’ve seen with both QNAP and the recent woes caused by Microsoft’s January security update, forced downloads to devices ultimately takes control out of the hands of customers, often to disastrous effect. 

In either case, owners of NAS devices (QNAP or no) are encouraged to ensure that their drives aren’t accessible via the internet and that any potentially vulnerable ports are closed and secured.

Not sure whether or not your NAS is protected from outside threats? Contact Nodal today!