{"id":45051,"date":"2022-01-28T21:56:00","date_gmt":"2022-01-28T21:56:00","guid":{"rendered":"http:\/\/09bfbe01-fbc0-4c1b-a7d5-dffe0a4cc9ab"},"modified":"2022-01-28T21:56:00","modified_gmt":"2022-01-28T21:56:00","slug":"qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/","title":{"rendered":"QNAP users still struggling with Deadbolt ransomware after forced firmware updates"},"content":{"rendered":"<p>QNAP Network Attached Storage (NAS) device users are still struggling to address a range of issues connected to the Deadbolt ransomware, which began <a href=\"https:\/\/www.zdnet.com\/article\/qnap-warns-nas-users-of-deadbolt-ransomware-urges-customers-to-update\/?ftag=COS-05-10aaa0g&amp;taid=61f44ecd669f060001f1ed64&amp;utm_campaign=trueAnthem%3A+Trending+Content&amp;utm_medium=trueAnthem&amp;utm_source=twitter\" target=\"_blank\" rel=\"noopener\">infecting devices earlier this week<\/a>.&nbsp;<\/p>\n<p>On Tuesday, QNAP NAS users flocked to <a href=\"https:\/\/www.reddit.com\/r\/qnap\/comments\/scm0zv\/deadbolt_ransomware_attack_against_qnaps\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Reddit<\/a> and <a href=\"https:\/\/forum.qnap.com\/viewtopic.php?f=45&amp;t=164797&amp;start=30\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">QNAP forums<\/a> to report ransomware infections. Censys <a href=\"https:\/\/censys.io\/blog\/the-qnapping-of-qnap-devices\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">reported<\/a> that of the&nbsp;<a href=\"https:\/\/search.censys.io\/search?resource=hosts&amp;sort=RELEVANCE&amp;per_page=25&amp;virtual_hosts=EXCLUDE&amp;q=services.tls.certificates.leaf_data.issuer_dn%3A+%22CN%3DQNAP+NAS%22\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">130,000 QNAP NAS devices<\/a>, 4,988 services &#8220;exhibited the&nbsp;<a href=\"https:\/\/search.censys.io\/search?resource=hosts&amp;sort=RELEVANCE&amp;per_page=100&amp;virtual_hosts=INCLUDE&amp;q=services.http.response.html_title%3A+%22ALL+YOUR+FILES+HAVE+BEEN+LOCKED+BY+DEADBOLT.%22\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">telltale signs<\/a>&nbsp;of this specific piece of ransomware.&#8221;<\/p>\n<p>On Friday afternoon, Censys updated its report, telling ZDNet that overnight, the number of exposed and ransomware infected devices went down by 1,061 to 3,927.&nbsp;<\/p>\n<figure class=\"image image-original shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/\" class=\"lazy\" alt=\"qmap-hosts.png\" height=\"auto\" width=\"1200\" data-original=\"https:\/\/www.zdnet.com\/a\/img\/resize\/846c0ba006e481a49ec2450fc540e72837f27bae\/2022\/01\/28\/ed684e37-fe26-460b-bc35-ebd32c311097\/qmap-hosts.png?width=1200&amp;fit=bounds&amp;auto=webp\"><\/span><noscript><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/846c0ba006e481a49ec2450fc540e72837f27bae\/2022\/01\/28\/ed684e37-fe26-460b-bc35-ebd32c311097\/qmap-hosts.png?width=1200&amp;fit=bounds&amp;auto=webp\" class alt=\"qmap-hosts.png\" height=\"auto\" width=\"1200\"><\/span><\/noscript><figcaption readability=\"1\"><span class=\"caption\" readability=\"2\"><\/p>\n<p>A map of the infected devices around the world.&nbsp;<\/p>\n<p><\/span><span class=\"credit\"> Censys <\/span><\/figcaption><\/figure>\n<p>&#8220;Why this went down could be for any number of reasons, we&#8217;re still investigating to see if we can pinpoint the reasoning behind this,&#8221; a Censys spokesperson said, theorizing that the decrease could be attributed to a forced update from QNAP.&nbsp;<\/p>\n<p>On Wednesday, QNAP initially&nbsp;<a href=\"https:\/\/www.qnap.com\/en\/security-news\/2022\/take-immediate-actions-to-stop-your-nas-from-exposing-to-the-internet-and-update-qts-to-the-latest-available-version-fight-against-ransomware-together\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">urged<\/a> users to&nbsp;<a href=\"https:\/\/www.qnap.com\/en\/security-advisory\/qsa-21-57\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">update to the latest version of QTS<\/a>, the Linux based operating system developed by the Taiwanese company to run on their devices.<\/p>\n<p>But MalwareBytes <a href=\"https:\/\/blog.malwarebytes.com\/ransomware\/2022\/01\/qnap-update-stops-deadbolt-ransomware-annoys-some-users-starts-debate\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">said<\/a> QNAP pushed out an automatic, forced update with firmware on Thursday containing the latest security updates.<\/p>\n<p>&#8220;Later that day, QNAP took more drastic action and force-updated the firmware for all customers&#8217; NAS devices to version 5.0.0.1891, the latest universal firmware which has been available since December 23rd, 2021,&#8221; MalwareBytes explained.<\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>&#8220;As you might expect after a forced update, a number of unexpected side-effects arose&#8230; The firmware update removed the ransomware executable and the ransom screen used to initiate decryption, which apparently caused some victims who had paid the ransom to be unable to proceed with decrypting the files after the update.&#8221;<\/p>\n<div class=\"relatedContent alignRight\" readability=\"9.8260869565217\">\n<h3 class=\"heading\"> <span class=\"int\">ZDNet Recommends<\/span> <\/h3>\n<div class=\"thumb\"> <a href=\"https:\/\/www.zdnet.com\/article\/best-network-attached-storage\/\" data-omniture-track=\"moduleClick\" data-omniture-track-data=\"{&quot;moduleInfo&quot;: &quot;pinbox&quot;, &quot;pageType&quot;: &quot;article&quot;}\"> <span class=\"img \"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/6388f143916b09a7bdd8af4b387d5dcc041dde70\/2021\/01\/25\/1caaaa9b-87be-4010-947a-797e6a70c036\/emerald-water.png?width=220&amp;height=165&amp;fit=bounds&amp;auto=webp\" class alt=\"The best network-attached storage devices\" height=\"165\" width=\"220\"><\/span> <\/a> <\/div>\n<p class=\"title\"> <a href=\"https:\/\/www.zdnet.com\/article\/best-network-attached-storage\/\" data-omniture-track=\"moduleClick\" data-omniture-track-data=\"{&quot;moduleInfo&quot;: &quot;pinbox&quot;, &quot;pageType&quot;: &quot;article&quot;}\"> The best network-attached storage devices <\/a> <\/p>\n<p class=\"dek\">If cloud-based servers don&#8217;t meet all of your storage needs, consider a NAS solution. We selected a handful of devices that passed our reliability torture tests and offer superior usability and feature sets.<\/p>\n<p class=\"read-more\"> <a href=\"https:\/\/www.zdnet.com\/article\/best-network-attached-storage\/\" data-omniture-track=\"moduleClick\" data-omniture-track-data=\"{&quot;moduleInfo&quot;: &quot;pinbox&quot;, &quot;pageType&quot;: &quot;article&quot;}\">Read More<\/a> <\/p>\n<\/p><\/div>\n<p>QNAP <a href=\"https:\/\/www.reddit.com\/r\/qnap\/comments\/sdz7e5\/you_want_to_know_why_your_qnap_updated_last_night\/huhlp5t\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">responded<\/a> to the controversy over the forced update on Reddit. A company representative explained why they decided to force the update, noting that it had been urging users to update their systems since January 7.<\/p>\n<p>&#8220;In QTS there was a message in control panel\/auto-update that &#8216;QTS\/QuTS hero will enable recommended version update soon to protect nas from deadbolt.&#8217; But I think a lot of people did not see that message. We are trying to increase protection against deadbolt. If recommended update is enabled under auto-update, then as soon as we have a security patch, it can be applied right away,&#8221; the company spokesperson said.&nbsp;<\/p>\n<p>The message drew several furious responses from people who said the forced update caused <a href=\"https:\/\/www.reddit.com\/r\/qnap\/comments\/sdz7e5\/comment\/huij1yj\/?utm_source=share&amp;utm_medium=web2x&amp;context=3\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">a number of downstream issues<\/a>. Others said it was <a href=\"https:\/\/www.reddit.com\/r\/qnap\/comments\/sdz7e5\/comment\/hui27t3\/?utm_source=share&amp;utm_medium=web2x&amp;context=3\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">concerning the company had a backdoor<\/a> into their systems, while some said the forced update <a href=\"https:\/\/www.reddit.com\/r\/qnap\/comments\/sdz7e5\/comment\/hui22mm\/?utm_source=share&amp;utm_medium=web2x&amp;context=3\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">did little to actually address<\/a> the issues of people who had already been infected with Deadbolt.&nbsp;<\/p>\n<p>Even with the update, at least one user <a href=\"https:\/\/forum.qnap.com\/viewtopic.php?p=808956#p808956\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">confirmed<\/a> getting hit with Deadbolt while using 5.0.0.1891 build 20211221 on a tvs-1282t3. QNAP would not confirm or deny that there was another vulnerability being exploited, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">according to Bleeping Computer<\/a>.&nbsp;<\/p>\n<p>Recorded Future ransomware expert Allan Liska said this kind of specialty ransomware is very hard to defend against and commended QNAP for releasing a detailed guide to securing the appliance earlier this month.&nbsp;<\/p>\n<p>&#8220;It is difficult to defend against because the device is controlled by the manufacturer. Unless you are a company with the resources to enable compensating controls, you are largely at the mercy of the vendor,&#8221; Liska said.&nbsp;<\/p>\n<p>&#8220;For most IoT devices, this doesn&#8217;t matter too much. If someone launches a ransomware attack against my lightbulbs, I can just reset and go on with my life. But when those IoT devices hold all of your data, it is a very different matter.&#8221;<\/p>\n<h2><strong>Decryptor issues<\/strong><\/h2>\n<p>Security company Emsisoft <a href=\"https:\/\/www.emsisoft.com\/ransomware-decryption-tools\/deadbolt\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">released<\/a> its own version of a decryptor after several victims reported having issues with the decryptor they received after paying a ransom. Some users even said they never got a decryptor after paying the ransom, while others said the decryptor malfunctioned.&nbsp;<\/p>\n<p>Unfortunately, Emsisoft&#8217;s decryptor requires users to have already paid the ransom and received the decryption keys from the Deadbolt ransomware operators.&nbsp;<\/p>\n<p>Deadbolt&#8217;s ransom note says victims need to pay 0.03 BTC (equivalent to USD 1,100) to unlock their hacked device and that it &#8220;is not a personal attack.&#8221; They offered to give QNAP a universal decryptor for 50 BTC.<\/p>\n<p>Emsisoft&#8217;s Brett Callow told <em>ZDNet<\/em> that the situation was similar to REvil&#8217;s attack on Kaseya in that, in both cases, the threat actor asked for relatively small payments from individual victims as well as providing the company with an option to settle for a much larger sum on behalf of their affected customers.&nbsp;<\/p>\n<p>&#8220;The strategy makes sense as it increases the likelihood of the attack being monetized. Users who paid the demand experienced problems after QNAP&#8217;s forced update reportedly removed the ransomware executable making decryption impossible. That&#8217;s one of the reasons we released the decryptor,&#8221; Callow said.&nbsp;<\/p>\n<p>Liska said ransomware groups are notorious for providing poor decryption software and noted that it is not uncommon for incident response teams to take the key given by the ransomware group and ignore the decryption code.<\/p>\n<p>&#8220;The reason for Emsisoft to release a decryptor is to make sure victims have something they know will work once they get the key,&#8221; Liska explained.<\/p>\n<p>Liska also slammed the people behind the attack, questioning their insistence that the attack wasn&#8217;t &#8220;personal.&#8221;<\/p>\n<p>&#8220;It is a personal attack. People often have their digital lives stored on these devices. Whether it is photos, work, the book they have been writing, or the program they have been developing, this stuff is important to them. And the attackers just took that away from them,&#8221; Liska added.&nbsp;<\/p>\n<p>&#8220;The attacker can dress it up as &#8216;poor vendor security&#8217; all they want, but it is just a sign they are shitty people that have no regard for their fellow human beings.&#8221;<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Censys said about 4,000 devices are still infected with Deadbolt ransomware.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-45051","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>QNAP users still struggling with Deadbolt ransomware after forced firmware updates 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"QNAP users still struggling with Deadbolt ransomware after forced firmware updates 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-28T21:56:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"QNAP users still struggling with Deadbolt ransomware after forced firmware updates\",\"datePublished\":\"2022-01-28T21:56:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/\"},\"wordCount\":1022,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\\\/\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/\",\"name\":\"QNAP users still struggling with Deadbolt ransomware after forced firmware updates 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\\\/\",\"datePublished\":\"2022-01-28T21:56:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\\\/\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\\\/\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"QNAP users still struggling with Deadbolt ransomware after forced firmware updates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"QNAP users still struggling with Deadbolt ransomware after forced firmware updates 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/","og_locale":"en_US","og_type":"article","og_title":"QNAP users still struggling with Deadbolt ransomware after forced firmware updates 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-28T21:56:00+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"QNAP users still struggling with Deadbolt ransomware after forced firmware updates","datePublished":"2022-01-28T21:56:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/"},"wordCount":1022,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/","url":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/","name":"QNAP users still struggling with Deadbolt ransomware after forced firmware updates 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/","datePublished":"2022-01-28T21:56:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/#primaryimage","url":"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/","contentUrl":"https:\/\/www.zdnet.com\/article\/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices\/"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/qnap-users-still-struggling-with-deadbolt-ransomware-after-forced-firmware-updates\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"QNAP users still struggling with Deadbolt ransomware after forced firmware updates"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45051","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45051"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45051\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45051"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45051"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}