Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

QNAP Warns NAS Users About New DeadBolt Ransomware Campaign

QNAP has published an advisory about a new stream of DeadBolt ransomware attacks targetting its network-attached storage (NAS) devices worldwide. The company advises customers to immediately update their devices to the latest versions of QTS or QuTS hero operating systems.

The latest DeadBolt ransomware campaign follows the previous attacks reported back in January, March, and May this year. The recent wave of DeadBolt attacks uses AES128 to encrypt files on NAS devices running the QNAP QTS Linux kernel version 4.x. Once encrypted, the attackers demand the individual victim to pay a 0.03 bitcoin for a decryption key.

Meanwhile, the DeadBolt ransomware gang offers multiple payment options for vendors. They must pay a ransom of five bitcoins to get details about the exploit used to target the NAS device. Additionally, vendors can access the master decryption key for 50 bitcoins.

“If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page,” QNAP explained in its security advisory.

According to QNAP, some customers might be unable to find the ransom note in order to input the decryption key shared by the threat actors. The company encourages users to contact its support team for technical assistance.

QNAP asks users to update their NAS devices

The company didn’t mention which ransomware groups were involved in the ongoing attacks. However, a Trend Micro report published in January suggests that cybercriminals have become increasingly interested in NAS devices over the past few years.

QNAP urges IT admins to keep their NAS updated or block internet access to protect their organizations. Alternatively, customers can prevent malware infections by using modern authentication mechanisms, such as strong passwords and two-factor authentication. It is also recommended to secure connections and ports exposed to the internet.

by Rabia Noureen
Jun 20, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023
Five Tactics Towards Achieving Zero Trust with Azure Active Directory

Aug 29, 2023
Feb 01, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.