What should I do if I found the NAS encrypted by Deadbolt?
Applicable Products
- Security
- Malware Remover
Detail
You may have received the following message:
Detected high-risk malware. To protect your device, please immediately update the firmware to the latest version, restart the device, and then perform a malware scan to remove the malware.
After investigation, we believe that the attack is related to qsa-22-24.
We strongly recommend performing the following steps:
Take a screenshot of deadbolt ransomware page and save the file to your computer.
Access QTS web interface by adding /cgi-bin/index.cgi after the URL https://NAS_IP or http://NAS_IP:8080.
(for example the NAS has IP address has 192.168.0.2 , using https://192.168.0.2/cgi-bin/index.cgi or http://192.168.0.2:8080/cgi-bin/index.cgi)Log in to QTS as an administrator
- Go to myQNAPcloud app > Auto Router Configuration, disable Auto Router Configuration.
- Open App Center, upgrade all the apps to latest version and install Malware Remover if not installed.
- Open Malware Remover, click "Start Scan" and wait for Scan Complete
- Upgrade the NAS firmware to the latest version use QTS web interface via Control Panel > Firmware Upgrade.
To maximize security, disable port forwarding to stop exposing the NAS to the internet and follow the best practice of enhancing NAS security.
