Don't Ignore Security Updates: QNAP Fights Ransomware by Force-Installing NAS Patch

pcmag.com:

In a bid to slow the spread of the DeadBolt ransomware, QNAP last week force-installed updates to its network-attached storage (NAS) devices. It didn't really go according to plan for some users, though, so QNAP today issued a statement about why the move was necessary.

As Bleeping Computer notes, DeadBolt had infected more than 3,600 devices by the time QNAP force-installed a firmware update on products vulnerable to the ransomware. Though a patch was available, QNAP faced a familiar problem: Few people install security updates immediately.

Cybercriminals took advantage "of a patched vulnerability...to launch a cyberattack," QNAP said today. "We understand that services could be interrupted during the update. We are constantly looking for ways to improve our products. Future system software updates may include changes that help users better manage the update process."

According to Bleeping Computer, the update had some unwanted side effects, from severed connections to interrupted ransomware decryptions. QNAP evidently felt it was more important to tackle the ransomware, as a company support rep pointed out on Reddit, ZDNet reports.

"I know there are arguments both ways as to whether or not we should do [force-installs]," the rep known as QNAPDaniel writes. "It is a hard decision to make. But it is because of deadbolt and our desire to stop this attack as soon as possible that we did this."

Daniel points to a previous ransomware strain, Qlocker, which wreaked havoc on QNAP devices in April 2021: "That whole outbreak was after the patch was released. But many people don't apply a security patch on the same day or even the same week it is released. And that makes it much harder to stop a ransomware campaign."

The company