Tag Archive for: storage

SNIA Storage Security Summit 2022: Zero Trust or Bust



DeadBolt ransomware takes another shot at QNAP storage • The Register


QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices’ QTS or QuTS hero operating systems to the latest versions.

The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor’s users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.

The previous attacks occurred in January, March, and May.

Taiwan-based QNAP recommended that enterprises whose NAS systems have “already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.”

They should contact QNAP Assistance if they want to input a decryption key given by the attackers but are unable to find the ransom note after upgrading the firmware.

The cybercriminals behind DeadBolt primarily target NAS devices. QNAP systems are the main targets, though in February the group attacked NAS devices from Asustor, a subsidiary of systems maker Asus, said analysts with cybersecurity firm Trend Micro.

QNAP and its customers are examples of a growing interest by cybercriminals in NAS, Trend Micro wrote in a January report. Businesses are relying more on the Internet of Things (IoT) for constant connectivity, workflow continuity and access to data, the analysts said.

“Cybercriminals have taken notice of this dependence and now regularly update their known tools and routines to include network-attached storage (NAS) devices to their list of targets, knowing full well that users rely on…


Fact or Fallacy: Is Cloud Storage Safer Than On-Premises Databases?


Fact: Neither the Cloud nor On-Premises Storage Is the Silver Bullet

Ransomware is devastating because attackers can effectively hold data hostage and force K–12 school districts to pay exorbitant sums. If these demands aren’t met, hackers could sit on that encrypted data forever, distribute it or even destroy it.

But, should you pay? Probably not. In its “State of Ransomware 2021” report, Sophos reveals that organizations that paid a ransom recovered just 65 percent of their data on average — while only 8 percent got back everything they’d lost. There’s also no guarantee that attackers won’t retain copies of your data. The decryption process is often unreliable and painstakingly slow. Finally, surrendering payment is legally dubious in many cases, as that could fund further criminal activity.

Overall, no approach is perfect when dealing with ransomware; even expert opinions remain split. That’s why retaining multiple data backups (in multiple locations) is critical to surviving these common attacks. And no backup solution, local or cloud, is perfect, which means that school districts should proceed cautiously. Before doubling down on any solution, IT administrators should do a deep, holistic evaluation of their security and goals.

Fact: Schools Are Legally Mandated to Provide Strong Data Protections

School systems oversee a wide variety of personal data on students, teachers and staff. Digital systems also let students and parents access grades, assignments and other key resources such as documents, media and more. Schools must protect any private data while judiciously delegating access via authorization and authentication.

Thanks to federal regulations such as the Family Educational Rights and Privacy Act, public-facing data (which has low sensitivity) requires fewer protections than tightly controlled data (such as personally identifiable information). Schools must decide what data fits into which box and plan their storage accordingly.


Fact: Local Storage Alone Is Costly, a Hybrid Solution Might Work Best

While pure local storage may seem best, there are costs to consider. Districts…


DeadBolt ransomware targeting QNAP NAS storage devices


A new ransomware gang known as “DeadBolt” is targeting QNAP NAS customers using an alleged zero-day vulnerability.

The attacks have impacted vulnerable QNAP network-attached storage (NAS) devices exposed to the internet. DeadBolt appears to be both a new gang and a new ransomware strain, as initial reports came early this week.

Taiwanese hardware vendor QNAP published a blog Wednesday to confirm the ongoing attacks and urge users to secure their devices. Specifically, the blog provides instructions to users on how to check whether an NAS device is accessible from an external IP address, as well as how to change this by disabling port forwarding and Universal Plug and Play functionality.

“DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users’ data for Bitcoin ransom,” the post read. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP NAS and routers, and immediately update QTS to the latest available version.”

According to ransom notes posted by alleged victims and security researchers, DeadBolt is demanding 0.03 bitcoin from victims (currently valued at just over $1,100 USD).

“This is not a personal attack. You have been targeted because of the inadequate security provided by your vendor (QNAP),” the ransom note read. QNAP NAS users have dealt with other ransomware variants in recent weeks and months, including variants Qlocker and eCh0raix.

The ransom note includes an additional note from DeadBolt to QNAP, claiming the threat actor is targeting users via a zero-day vulnerability and that in order to receive vulnerability details and a universal decryption key, the vendor must send 50 bitcoin (almost $2,000,000 as of this writing) to the threat actor. Alternatively, QNAP can send 5 bitcoin (approximately $190,000 as of this writing) to receive only the vulnerability details.

An alleged screenshot of a DeadBolt ransom note posted in the QNAP NAS Community Forum.

Numerous victim reports can be seen on multiple fronts, including the QNAP NAS Community Forum and r/QNAP on Reddit.

“Hi, my QNAP NAS drive just got attacked by a [ransomware]…
