QNAP Warns NAS Users About New DeadBolt Ransomware Campaign
QNAP has published an advisory about a new stream of DeadBolt ransomware attacks targetting its network-attached storage (NAS) devices worldwide. The company advises customers to immediately update their devices to the latest versions of QTS or QuTS hero operating systems.
The latest DeadBolt ransomware campaign follows the previous attacks reported back in January, March, and May this year. The recent wave of DeadBolt attacks uses AES128 to encrypt files on NAS devices running the QNAP QTS Linux kernel version 4.x. Once encrypted, the attackers demand the individual victim to pay a 0.03 bitcoin for a decryption key.
Meanwhile, the DeadBolt ransomware gang offers multiple payment options for vendors. They must pay a ransom of five bitcoins to get details about the exploit used to target the NAS device. Additionally, vendors can access the master decryption key for 50 bitcoins.
“If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page,” QNAP explained in its security advisory.
According to QNAP, some customers might be unable to find the ransom note in order to input the decryption key shared by the threat actors. The company encourages users to contact its support team for technical assistance.
QNAP asks users to update their NAS devices
The company didn’t mention which ransomware groups were involved in the ongoing attacks. However, a Trend Micro report published in January suggests that cybercriminals have become increasingly interested in NAS devices over the past few years.
QNAP urges IT admins to keep their NAS updated or block internet access to protect their organizations. Alternatively, customers can prevent malware infections by using modern authentication mechanisms, such as strong passwords and two-factor authentication. It is also recommended to secure connections and ports exposed to the internet.
More in Security
Microsoft Defender Vulnerability Management Adds New CVE Reporting Feature
Jun 30, 2022 | Rabia Noureen
Microsoft Releases Patches to Address Azure FabricScape Flaw Affecting Linux Workloads
Jun 29, 2022 | Rabia Noureen
Microsoft Defender for Identity Can Now Detect Insecure Domain Configurations
Jun 27, 2022 | Rabia Noureen
CISA Warns Unpatched VMware Servers Remain Vulnerable to Log4Shell
Jun 24, 2022 | Rabia Noureen
QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices
Jun 23, 2022 | Rabia Noureen
Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks
Jun 22, 2022 | Rabia Noureen
Most popular on petri