www.cert.govt.nz
Open in
urlscan Pro
45.60.15.134
Public Scan
URL:
https://www.cert.govt.nz/it-specialists/advisories/qnap-and-asustor-nas-vulnerabilities-exploited-to-deploy-ransomware/
Submission: On June 09 via api from IN — Scanned from NZ
Submission: On June 09 via api from IN — Scanned from NZ
Form analysis
3 forms found in the DOMhttps://www.cert.govt.nz/search
<form action="https://www.cert.govt.nz/search" role="search" class="searchform--menu">
<div class="searchform--menu-holder"><label for="searchterm" class="sr-only">Enter your search term</label> <input type="search" id="searchterm" name="searchterm" value="" placeholder="Enter your search term" autocapitalize="off" autocomplete="off"
autocorrect="off" data-search-securityid="b8b2a74462ac98330550f1c7859492e7a42d638a" class="searchform-input"> <button type="submit" aria-label="Search Cert" class="searchform-submitbutton"><span class="sr-only">Search</span></button></div>
</form>
POST /it-specialists/advisories/qnap-and-asustor-nas-vulnerabilities-exploited-to-deploy-ransomware/Cert\Forms\FeedbackForm/
<form id="FeedbackForm_Cert_Forms_FeedbackForm" action="/it-specialists/advisories/qnap-and-asustor-nas-vulnerabilities-exploited-to-deploy-ransomware/Cert\Forms\FeedbackForm/" method="POST" enctype="application/x-www-form-urlencoded"
class="feedback-form">
<p id="FeedbackForm_Cert_Forms_FeedbackForm_error" class="message " style="display: none"></p>
<fieldset>
<div id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_Holder" class="field optionsetfieldfeedback feedback-field--rating">
<label class="left">Was this helpful?</label>
<div class="middleColumn">
<ul class="optionsetfieldfeedback feedback-field--rating" id="FeedbackForm_Cert_Forms_FeedbackForm_Rating" aria-label="Rate this page from 1 to 5.">
<li class="odd val1">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_1" class="radio" name="Rating" type="radio" value="1">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_1">1</label>
</li>
<li class="even val2">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_2" class="radio" name="Rating" type="radio" value="2">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_2">2</label>
</li>
<li class="odd val3">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_3" class="radio" name="Rating" type="radio" value="3">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_3">3</label>
</li>
<li class="even val4">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_4" class="radio" name="Rating" type="radio" value="4">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_4">4</label>
</li>
<li class="odd val5">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_5" class="radio" name="Rating" type="radio" value="5">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_5">5</label>
</li>
</ul>
</div>
</div>
<div id="FeedbackForm_Cert_Forms_FeedbackForm_Message_Holder" class="field textarea feedback-field--message">
<label class="left" for="FeedbackForm_Cert_Forms_FeedbackForm_Message">Additional feedback</label>
<div class="middleColumn">
<textarea name="Message" class="textarea feedback-field--message" id="FeedbackForm_Cert_Forms_FeedbackForm_Message" placeholder="Please describe" rows="1" cols="20"></textarea>
</div>
</div>
<input type="hidden" name="SecurityID" value="b8b2a74462ac98330550f1c7859492e7a42d638a" class="hidden" id="FeedbackForm_Cert_Forms_FeedbackForm_SecurityID">
<div class="clear"><!-- --></div>
</fieldset>
<div class="btn-toolbar">
<input type="submit" name="action_submitfeedback" value="Submit" class="action feedback-submit pure-button pure-button--secondary" id="FeedbackForm_Cert_Forms_FeedbackForm_action_submitfeedback">
</div>
</form>
POST /it-specialists/advisories/qnap-and-asustor-nas-vulnerabilities-exploited-to-deploy-ransomware/SubscriptionForm/
<form id="Form_SubscriptionForm" action="/it-specialists/advisories/qnap-and-asustor-nas-vulnerabilities-exploited-to-deploy-ransomware/SubscriptionForm/" method="POST" enctype="application/x-www-form-urlencoded" class="subscription-form">
<p id="Form_SubscriptionForm_error" class="message " style="display: none"></p>
<fieldset>
<legend>Subscribe to updates</legend>
<h2 id="Form_SubscriptionForm_SubscribeTitle">Subscribe to CERTNZ</h2>
<div id="Form_SubscriptionForm_Name_Holder" class="field text">
<label class="left" for="Form_SubscriptionForm_Name">Name</label>
<div class="middleColumn">
<input type="text" name="Name" class="text" id="Form_SubscriptionForm_Name" required="required" aria-required="true" placeholder="e.g. Tim Berners-Lee">
</div>
</div>
<div id="Form_SubscriptionForm_Email_Holder" class="field email text">
<label class="left" for="Form_SubscriptionForm_Email">Email</label>
<div class="middleColumn">
<input type="email" name="Email" class="email text" id="Form_SubscriptionForm_Email" required="required" aria-required="true" placeholder="name@example.co.nz">
</div>
</div>
<p class="subscription-options-intro">Subscribe to</p>
<div id="Form_SubscriptionForm_SubscriptionOption_1_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_1" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_1">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_1">Online security alerts and information for individuals and businesses </label>
<span class="description">Alerts about the latest cyber security threats, plus information to help you or your business stay secure online. </span>
</div>
<div id="Form_SubscriptionForm_SubscriptionOption_4_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_4" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_4">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_4">Technical advisories for cyber security professionals </label>
<span class="description">Advisories and guidance for information security specialists about current cyber security threats, vulnerabilities, and how to mitigate their impact.</span>
</div>
<div id="Form_SubscriptionForm_SubscriptionOption_10_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_10" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_10">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_10">Get Cyber Smart campaign updates</label>
<span class="description">Get Cyber Smart is our awareness campaign for individuals and small to medium businesses. Subscribe to find out about the latest Get Cyber Smart campaigns including our annual Cyber Smart Week event in October. </span>
</div>
<div id="Form_SubscriptionForm_SubscriptionOption_7_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_7" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_7">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_7">CERT NZ quarterly insights </label>
<span class="description">Our quarterly newsletter provides an update and analysis of the latest reporting numbers along with recent cyber security insights and CERT NZ news.</span>
</div>
<input type="hidden" name="SecurityID" value="b8b2a74462ac98330550f1c7859492e7a42d638a" class="hidden" id="Form_SubscriptionForm_SecurityID">
<div id="Form_SubscriptionForm_Captcha_Holder" class="field customnocaptcha">
<label class="left" for="Form_SubscriptionForm_Captcha">Spam protection</label>
<div class="middleColumn">
<div class="g-recaptcha" id="Nocaptcha-Form_SubscriptionForm_Captcha" data-sitekey="6LcYO4sdAAAAAIj3j8p4eenV-xpuK9RrIxpNTiRL" data-theme="light" data-type="image" data-size="normal" data-form="Form_SubscriptionForm" data-badge=""
data-widgetid="0">
<div style="width: 304px; height: 78px;">
<div><iframe title="reCAPTCHA"
src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcYO4sdAAAAAIj3j8p4eenV-xpuK9RrIxpNTiRL&co=aHR0cHM6Ly93d3cuY2VydC5nb3Z0Lm56OjQ0Mw..&hl=en&type=image&v=Xh5Zjh8Od10-SgxpI_tcSnHR&theme=light&size=normal&cb=ju25qd7i"
width="304" height="78" role="presentation" name="a-8rbuv3w8s95s" frameborder="0" scrolling="no"
sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe></div><textarea id="g-recaptcha-response" name="g-recaptcha-response"
class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div><iframe style="display: none;"></iframe>
</div>
<noscript>
<p>You must enable JavaScript to submit this form</p>
</noscript>
</div>
<span class="description">Please tick the box to prove you're a human and help us stop spam.</span>
</div>
<div class="clear"><!-- --></div>
</fieldset>
<div class="btn-toolbar">
<button type="submit" name="action_doSubscribe" value="Subscribe" class="action pure-button subscription-subscribe" id="Form_SubscriptionForm_action_doSubscribe">
<span>Subscribe</span>
</button>
</div>
</form>
Text Content
FIND OUT HOW TO MAKE YOUR BUSINESS MORE SECURE WITH TWO STEPS... TOO EASY! Dismiss Skip to main content Audience selector Select audience Subscribe to updates Follow us on Twitter on Facebook on LinkedIn Enter your search term Search Open menu Return to homepage * Guides * Critical controls * Advisories * News & Events * Report an incident Subscribe to updates Follow us on Twitter on Facebook on LinkedIn 1. Home 2. IT specialists 3. Advisories 4. QNAP and Asustor NAS vulnerabilities exploited to deploy ransomware ADVISORIES Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact. Subscribe to our updates above to be notified as soon as we publish an advisory. 7:45pm, 22 February 2022 TLP Rating: Clear QNAP AND ASUSTOR NAS VULNERABILITIES EXPLOITED TO DEPLOY RANSOMWARE Vulnerabilities in QNAP and Asustor Network Attached Storage (NAS) devices are being actively exploited to deploy ransomware. The encrypted files have a ‘.deadbolt’ extension. QNAP has released updates for the affected software. CERT NZ advises all organisations with QNAP NAS devices to update and then apply all other software updates. WHAT'S HAPPENING SYSTEMS AFFECTED Both QNAP and Asustor NAS devices are being actively targeted by attackers intending to deploy ransomware. QNAP NAS devices that are internet exposed and running QTS and QuTS operating systems, or add-ons with the following versions are affected: * QTS 5.0.0.1891 build 20211221 and later * QTS 4.5.4.1892 build 20211223 and later * QuTS hero h5.0.0.1892 build 20211222 and later * QuTS hero h4.5.4.1892 build 20211223 and later * QuTScloud c5.0.0.1919 build 20220119 and later Asustor devices that are internet exposed and running ADM operating systems including, but not limited to, the following models: * AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, AS1104T WHAT TO LOOK FOR HOW TO TELL IF YOU'RE AFFECTED To discover whether you have Deadbolt ransomware on your system, users can log in to the QNAP or Asustor NAS and run the following command to find all files with the .deadbolt extension: sudo find / -type f -name "*.deadbolt". WHAT TO DO MITIGATION If you have not been breached and still need to have the NAS running, make sure the following has been done: 1. For Asustor devices disable EZ-Connect (service for remote access). 2. Disable SSH. 3. Ensure that the device is not exposed to the internet, particularly the web interface or file shares. 4. If the device is clear of ransomware, update the operating system and all installed add-ons. 5. If in doubt, contact your local technical support for further advice. If you have been compromised with ransomware, do not update your NAS device until it is clean of ransomware. MORE INFORMATION * Further information from the community on the Asustor vulnerability and mitigation advice. External Link * Further information on the QNAP vulnerability and mitigation advice External Link . * CERT NZ Critical control: Securing Internet Exposed Services External Link * Protect Yourself from Deadbolt External Link If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ. Report an incident to CERT NZ External Link For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141. Was this helpful? * 1 * 2 * 3 * 4 * 5 Additional feedback FOOTER * About us * Quarterly reports * Contact us * Traffic light protocol * Resources * Phishing Disruption Service™ Follow us on Twitter on Facebook on LinkedIN * © 2023 CERTNZ * Copyright * Disclaimer * Privacy and information statement Te Kāwanatanga o Aotearoa New Zealand Government >GLOSSARY TERM Subscribe to updates SUBSCRIBE TO CERTNZ Name Email Subscribe to Online security alerts and information for individuals and businesses Alerts about the latest cyber security threats, plus information to help you or your business stay secure online. Technical advisories for cyber security professionals Advisories and guidance for information security specialists about current cyber security threats, vulnerabilities, and how to mitigate their impact. Get Cyber Smart campaign updates Get Cyber Smart is our awareness campaign for individuals and small to medium businesses. Subscribe to find out about the latest Get Cyber Smart campaigns including our annual Cyber Smart Week event in October. CERT NZ quarterly insights Our quarterly newsletter provides an update and analysis of the latest reporting numbers along with recent cyber security insights and CERT NZ news. Spam protection You must enable JavaScript to submit this form Please tick the box to prove you're a human and help us stop spam. Subscribe