QNAP Warns NAS Users About New DeadBolt Ransomware Campaign
QNAP has published an advisory about a new stream of DeadBolt ransomware attacks targeting its network-attached storage (NAS) devices worldwide. The company advises customers to immediately update their devices to the latest versions of the QTS or QuTS hero operating systems.
The latest DeadBolt ransomware campaign follows the previous attacks reported back in January, March, and May this year. The recent wave of DeadBolt attacks uses AES-128 to encrypt files on NAS devices running the QNAP QTS Linux kernel version 4.x. Once the files are encrypted, the attackers demand that each individual victim pay 0.03 bitcoin for a decryption key.
Meanwhile, the DeadBolt ransomware gang offers multiple payment options for vendors. They must pay a ransom of five bitcoins to get details about the exploit used to target the NAS device. Additionally, vendors can access the master decryption key for 50 bitcoins.
“If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page,” QNAP explained in its security advisory.
According to QNAP, some customers might be unable to find the ransom note in order to input the decryption key shared by the threat actors. The company encourages users to contact its support team for technical assistance.
QNAP asks users to update their NAS devices
The company didn’t mention which ransomware groups were involved in the ongoing attacks. However, a Trend Micro report published in January suggests that cybercriminals have become increasingly interested in NAS devices over the past few years.
QNAP urges IT admins to keep their NAS updated or block internet access to protect their organizations. Alternatively, customers can prevent malware infections by using modern authentication mechanisms, such as strong passwords and two-factor authentication. It is also recommended to secure connections and ports exposed to the internet.