Warning: DeadBolt Ransomware Targeting Network Attached Storage (NAS) Devices from QNAP

Warning: DeadBolt Ransomware Targeting Network Attached Storage (NAS) devices from QNAP

Short News:-

Ransomware strain known as DeadBolt encrypts QNAP NAS devices using a supposed zero-day vulnerability in the device's software. The strain locks the files with the ".deadbolt" file extension and demands that victims pay the ransom to a unique Bitcoin address. Ransomware groups are increasingly targeting QNAP devices, prompting the company to issue a number of warnings. A master decryption key is also available for purchase for an additional 45 bitcoins (about $1.7 million) if victims agree to the extortion demand.

Detailed News:-

Network-attached storage (NAS) and routers are at risk from a new ransomware variant known as DeadBolt, according to QNAP, a Taiwanese company.

Company Deadbolt has been encrypting users' data and demanding Bitcoin ransoms from all NAS that are exposed to the Internet without any protection, Deadbolt said. Users of QNAP NAS devices are urged to update QTS to the most recent version as soon as possible.

The DeadBolt ransomware has encrypted at least 3,687 devices so far, with most NAS devices located in the United States, Taiwan, France, Italy, the United Kingdom, Hong Kong, Germany, the Netherlands, Poland, and South Korea, according to a Censys IoT search engine query.

If your NAS is public-facing, QNAP recommends that you disable the UPnP function of the QNAP NAS and check if your router's port forwarding function is turned off, as well.

According to Bleeping Computer, DeadBolt ransomware is encrypting QNAP NAS devices using a supposed zero-day vulnerability in the device's software, which prompted Bleeping Computer to issue the advisory. The 25th of January is generally accepted as the start date for the attacks.

For the ransom of 0.03 bitcoins (approximately $1,100), the ransomware strain locks the files with the ".deadbolt" file extension and demands that victims pay the ransom to a unique Bitcoin address.

Ransomware operators have also stated that if QNAP pays them five bitcoins ($186,700), they will reveal the full details of the alleged zero-day flaw. A master decryption key, which can be used to open the files of all the victims, is also available for purchase for an additional 45 bitcoins (about $1.7 million).

If QNAP agreed to the extortion demand, the company acknowledged on Reddit that it had secretly installed an emergency firmware update to its devices "protection" against ransomware, adding "It is a hard decision to make. Our actions, however, were motivated by DeadBolt and a desire to put an end to this attack as quickly as possible."

Ransomware groups and other criminals are increasingly targeting QNAP devices, prompting the company to issue a number of warnings in recent months. To protect NAS devices from ransomware and brute-force attacks, the company advised customers on January 7 that they should not be exposed online.

QNAP said the update was triggered by a QTS Auto Update feature when contacted for comment. DeadBolt ransomware or other malware attacks could have been prevented if QTS had been updated, according to QNAP PSIRT, which stated that "malware exploited one of the vulnerabilities fixed in this release in QSA-21-57."

Attackers may be able to execute arbitrary code on a vulnerable system by exploiting a flaw in the QTS or QuTS hero operating systems, according to the company. There have been several fixes to this problem, including the following:

A build of QTS 5.0.0.1891 and later

build 20211223 of QTS 4.5.4.1892

Heroes of the Storm: QuTS h5.0.0.1892 build 20211222

QuTScloud c5.0.0.1919 build 20220119 and later versions of the software