Home > Cyber News > New Deadbolt Ransomware Hits 3,600 QNAP NAS Devices

New Deadbolt Ransomware Hits 3,600 QNAP NAS Devices

deadbolt ransomwareDeadbolt ransomware recently compromised more than 3,600 QNAP network-attached storage (NAS) devices. As a result of the attack, all data located on the devices has been encrypted by Deadbolt, which is a new strain of ransomware.

Deadbolt Ransomware Hits QNAP NAS Devices

According to the official QNAP statement, “DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users’ data for Bitcoin ransom.” The company is urging all its customers to follow its security setting instructions and immediately update QTS to the latest available version.

The Deadbolt ransom gang uses the .deadbolt file extension which it appends to encrypted files. As per the ransom note, device owners are demanded to pay a ransom in the amount of 0.03 Bitcoin, equaling to $1,1000, to receive a decryption key. However, according to a second Deadbolt ransom note, attackers demand 5 Bitcoin, which is $1,86 million.

If the second ransom is paid, hackers would supposedly reveal the zero-day vulnerability they used to attack QNAP users. Then, additional 50 Bitcoin ($18.6 million) are demanded to release a master decryption key.

To address the issue, QNAP has been pushing silent updates. It is also unknown whether the company has contacted the ransomware operators, or if it paid any of the ransom demands.

Users are also advised to check whether their NAS devices are exposed to the internet:

Open the Security Counselor on your QNAP NAS. Your NAS is exposed to the Internet and at high risk if there shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP” on the dashboard.

Further instructions are available in QNAP’s announcement.

Last year, security researchers reported vulnerabilities in several legacy models of QNAP NAS devices. The devices were prone to remote unauthenticated attacks due to two zero-day flaws – CVE-2020-2509 and CVE-2021-36195.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree