Network-Attached Storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. “QNAP recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target QNAP NAS devices running QTS 4.x,” QNAP stated. “We are thoroughly investigating the case and will provide further information as soon as possible.” This warning follows multiple other alerts the company has issued since the beginning of 2022. As seen during previous attacks targeting QNAP NAS devices, DeadBolt ransomware hijacks the device’s login page to display a screen stating, “WARNING: Your files have been locked by DeadBolt.” Once launched on a compromised NAS device, DeadBolt uses AES128 to encrypt files, appending a .deadbolt extension to their names. It also replaces the /home/httpd/index.html file so victims will see the ransom note when accessing the encrypted device. After the victims pay a 0.03 bitcoins ransom, the threat actors create a bitcoin transaction to the same bitcoin address containing the decryption key under the OP_RETURN output. DeadBolt ransomware also hit ASUSTOR NAS devices in February, allegedly using a zero-day vulnerability.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security