DeadBolt, a ransomware strain that was previously seen targeting QNAP NAS devices, is now infecting vulnerable ASUSTOR NAS devices that are accessible from the Internet. The threat actors are demanding 0.03 bitcoins, or approximately $1,150, for the key to decrypt all files stored on infected NAS devices.
As in the QNAP NAS attacks last month, the threat actors claim to be using a zero-day vulnerability to compromise and infect the ASUSTOR NAS devices. While the vulnerability is currently unknown, it is believed to lie in either the EZ Connect function, which allows for remote access to the NAS, or the Plex media server. The threat actors have also demanded a payment from ASUSTOR of 7.5 bitcoins for information related to the zero-day vulnerability used and 50 bitcoins for the master decryption key.
ASUSTOR is planning to release recovery firmware that will make infected NAS devices usable again. However, this recovery firmware will not be able to decrypt any DeadBolt-encrypted files; it will only restore functionality to the NAS for other uses.