Threat Watch

Emsisoft Releases DeadBolt Ransomware Decryption Tool For QNAP NAS Devices

Last week, QNAP network-attached storage (NAS) users reported being infected with DeadBolt ransomware, which was asking $1,125 in bitcoin to decrypt affected files. After QNAP addressed the issues and pushed out a forced update, many users complained of being unable to use their decryption key.

The firmware update caused the executable to be removed, which in turn removed the landing page to enter the key that was provided by DeadBolt upon paying the ransom. Emsisoft has produced a tool that enables users to run the decryption process.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

It is important to understand this is not a blanket decryption key, users must obtain a key from DeadBolt to run this tool. According to the QNAP support page, users are encouraged to open a support ticket with [RANSOMWARE] in the subject line to receive assistance with decryption. It is also recommended to inspect all router configurations and verify any open ports or port forwarding rules that allow access from external sources, which could put your network at risk.

https://portswigger.net/daily-swig/decryption-key-released-for-deadbolt-ransomware-after-qnap-nas-devices-infected

https://www.emsisoft.com/ransomware-decryption-tools/deadbolt

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support