QNAP, the Taiwanese vendor of Network-Attached Storage (NAS) appliances, warned its customers against ongoing attacks by DeadBolt ransomware. The vendor is recommending its users install the latest security updates.

DeadBolt attacks

QNAP issued an alert in response to the ransomware attacks targeting NAS devices running QTS 4.3.6 and QTS 4.4.1. Since January, the threat actor has been targeting QNAP NAS devices globally. 
  • The operators are claimed to have exploited a zero-day exploit to encrypt the compromised systems. 
  • The attacks have mainly affected the TS-x51 series and TS-x53 series models.
  • Once a system is encrypted, the ransomware adds the .deadboltextension to the name of the locked files and defaces the login page of the device to show details about the attack.

More information 

The hijacked QNAP login screen shows a ransom note demanding 0.03 BTC for the decryption key.
  • The ransom note includes a link named ‘important message for QNAP’ that points to a page offering technical information regarding an alleged zero-day vulnerability in QNAP NAS devices for 5 BTC.
  • Further, the ransomware operators are offering a master decryption key for sale at the price of 50 BTC.

Conclusion

DeadBolt ransomware attacks are ongoing and NAS device users should be aware and prepared for them. QNAP has already forced firmware updates for vulnerable devices. It is recommended to keep OS and devices upgraded with the latest security patches.
Cyware Publisher

Publisher

Cyware