Search

What should I do if I found the NAS encrypted by Deadbolt?

Last modified date: 2022-10-06

Applicable Products

  • Security
  • Malware Remover

Detail

You may have received the following message:

Detected high-risk malware. To protect your device, please immediately update the firmware to the latest version, restart the device, and then perform a malware scan to remove the malware.

After investigation, we believe that the attack is related to qsa-22-24.

We strongly recommend performing the following steps:

  1. Take a screenshot of deadbolt ransomware page and save the file to your computer.

  2. Access QTS web interface by adding /cgi-bin/index.cgi after the URL https://NAS_IP or http://NAS_IP:8080.
    (for example the NAS has IP address has 192.168.0.2 , using https://192.168.0.2/cgi-bin/index.cgi or http://192.168.0.2:8080/cgi-bin/index.cgi)

  3. Log in to QTS as an administrator

    1. Go to myQNAPcloud app > Auto Router Configuration, disable Auto Router Configuration.
    2. Open App Center, upgrade all the apps to latest version and install Malware Remover if not installed.
    3. Open Malware Remover, click "Start Scan" and wait for Scan Complete
    4. Upgrade the NAS firmware to the latest version use QTS web interface via Control Panel > Firmware Upgrade.

  1. To maximize security, disable port forwarding to stop exposing the NAS to the internet and follow the best practice of enhancing NAS security.

Further Reading



Was this article helpful?

Yes. No.
21% of people think it helps.
Thank you for your feedback.

Please tell us how this article can be improved:

If you want to provide additional feedback, please include it below.

Choose specification

      Show more Less

      Choose Your Country or Region

      back to top