Last week, QNAP network-attached storage (NAS) users reported being infected with DeadBolt ransomware, which was asking $1,125 in bitcoin to decrypt affected files. After QNAP addressed the issues and pushed out a forced update, many users complained of being unable to use their decryption key.
The firmware update caused the executable to be removed, which in turn removed the landing page to enter the key that was provided by DeadBolt upon paying the ransom. Emsisoft has produced a tool that enables users to run the decryption process.
Analyst Notes
It is important to understand this is not a blanket decryption key, users must obtain a key from DeadBolt to run this tool. According to the QNAP support page, users are encouraged to open a support ticket with [RANSOMWARE] in the subject line to receive assistance with decryption. It is also recommended to inspect all router configurations and verify any open ports or port forwarding rules that allow access from external sources, which could put your network at risk.
https://portswigger.net/daily-swig/decryption-key-released-for-deadbolt-ransomware-after-qnap-nas-devices-infected
https://www.emsisoft.com/ransomware-decryption-tools/deadbolt
