Latest DeadBolt Ransomware Attacks QNAP Systems

Latest DeadBolt Ransomware Attacks QNAP Systems

A new DeadBolt ransomware gang is encrypting QNAP NAS systems all around the world, claiming that the device’s firmware has a zero-day vulnerability. The attacks began on January 25th, when QNAP devices discovered their files had been encrypted and their names had been added with a .deadbolt file extension.

Instead of writing ransom notes within every folder on the device, the QNAP device’s login page is hacked to display a message reading, “WARNING: Your files have been locked by DeadBolt.” This screen instructs the victim to send 0.03 bitcoins (about $1,100) to a Bitcoin address that is different for every victim.

Following payment, the threat actors claim to send a follow-up transaction to the same address with the decryption key, which may be obtained by following the guidelines. The device’s files may then be decrypted using this decryption key, which can be input into the screen in order to decrypt the device’s files. However, there is no guarantee that paying a ransom will result in the receipt of a decryption key or that users will be able to decrypt files.

BleepingComputer reported some fifteen victims of the DeadBolt ransomware attack, which had no specific targeted region.

The DeadBolt attacks, like all other ransomware attacks against QNAP devices, only impact machines that are connected to the Internet. Because the threat actors claim to be using a zero-day vulnerability, all QNAP customers are strongly urged to disconnect their devices from the Internet and secure them with a firewall. As QNAP owners are being targeted by two more ransomware families, Qlocker and eCh0raix, all owners must follow these preventive measures to avoid future attacks.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Share:

Share on facebook
Share on twitter
Share on linkedin