QNAP Ransomware: Thousands Infected with DeadBolt
Thousands of QNAP users have been infected by a new ransomware variant flagged by the network-attached storage (NAS) vendor last week, according to a security vendor.
Taiwan-headquartered QNAP said last week that customers should urgently upgrade their systems to the latest version of its QTS operating systems and take steps to disconnect devices from the internet to mitigate the campaign.
Dubbed “DeadBolt,” the new ransomware variant demands a 0.03 Bitcoin ($1100) payment in return for a decryption key.
“This is not a personal attack,” reads the notice. “You have been targeted because of the inadequate security provided by your vendor (QNAP).”
Inventory firm Censys last week claimed there were around 5000 such devices impacted by the ransomware, although this is out of a total of 130,000 globally.
Interestingly, the vendor observed that the number fell sharply between January 26 and 27.
“Overnight, the number of services with the DeadBolt ransomware dropped by 1061, down to a total of 3927 infected services on the public internet,” it wrote.
“The exact reason for this drop is unknown at the moment, and we are continuing to monitor the situation. But earlier today, Malwarebytes reported that QNAP released a forced automatic update for their Linux-based operating system called QTS to address the vulnerability. This update reportedly removed the ransomware executable and reverted the web interface changes made by the ransomware.”
QNAP’s extorters had given it the opportunity to pay a flat rate of 50 BTC ($1.8m) to decrypt all customer data, but it does not appear to have acceded to these demands.
Some users have reported that decryption keys they were given following payment did not work.
More Stories
LockBit, Black Basta, Play Dominate Ransomware in Q1 2024
The data from ReliaQuest also suggests LockBit faced a significant setback due to law enforcement action Read More
UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA
Andrew Witty made the claims in a written testimony submitted before a House subcommittee hearing Read More
1 in 5 US Ransomware Attacks Triggers Lawsuit
Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed...
Lawsuits and Company Devaluations Await For Breached Firms
New report from Netwrix reveals unplanned expenses impact half of breached firms, including a surge in lawsuits Read More
AI Voice Scam
Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money...
DBIR: Vulnerability Exploits Triple as Initial Access Point for Data Breaches
The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found...