QNAP fixes zero-day vulnerability following Deadbolt ransomware attack
The occurrence of the attack is the fourth in this year's Deadbolt attack series

Taiwanese firm QNAP Systems has alerted customers to ongoing DeadBolt ransomware attacks that began on Saturday.
Per reports, the attack’s backdoor was a vulnerability in the firm’s private cloud storage for photos called Photo Station.
An EDR buyer's guide
How to pick the best endpoint detection and response solution for your business
"QNAP Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," reads the firm’s security notice.
Since the beginning of the year, the DeadBolt ransomware group has been targeting NAS devices using an alleged zero-day vulnerability on Internet-exposed devices.
In response to the recent attack, QNAP’s product security incident response team (PSIRT) released a patched Photo Station app, urging QNAP NAS users to update to the newest version.
The security updates came 12 hours after DeadBolt began using the zero-day vulnerability in its attacks. To ensure continued services, QNAP also suggested users replace their Photo Station app with QuMagie, a safer photo storage management tool for QNAP NAS devices.
Additionally, the firm advised users to avoid connecting their QNAP NAS devices to the internet as a precaution.
Get the ITPro. daily newsletter
Sign up today and you will receive a free copy of our Focus Report 2025 - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. This can effectively harden the NAS and decrease the chance of being attacked,” said QNAP in a statement.