Operators of the dreaded Deadbolt ransomware are attacking network-attached storage (NAS (opens in new tab)) users and NAS manufacturers in equal measure.
In a study (opens in new tab) titled “Deadbolt ransomware: nothing but NASty”, Cybersecurity researchers from Group-IB published their analysis of an ongoing ransomware attack campaign being waged against NAS devices built by the Taiwanese manufacturer QNAP.
The attackers are using a zero-day exploit (a never-before-seen vulnerability) in QNAP’s NAS devices to compromise the endpoints and deliver the malware (opens in new tab) variant to small and medium-sized businesses (SMB), schools, and regular consumers.
10 BTC for technical details
In their dealings with victims, Deadbolt's operators demanded anywhere between 0.03 and 0.05 bitcoin (roughly between $500 and $1,000) in exchange for the decryption key.
However, the researchers also found that the ransomware gang reached out to QNAP itself, and demanded a much higher ransom in exchange for valuable data on their operations.
“For a ransom of 10 BTC ($192,000), the threat actors promised the NAS vendor, QNAP, that they would share all the technical details relating to the zero-day vulnerability that they manipulated, and for 50 BTC ($959,000) they offered to include the master key to decrypt the files belonging to the vendor’s clients who had fallen victim to the campaign,” Group-IB wrote in its report.
Given that the number of successful attacks on QNAP NAS devices rose almost sevenfold this summer, it’s safe to assume that QNAP kindly declined the offer.
Most of the infections happened in the United States, Germany, and Italy.
While the group behind Deadbolt is trying to extort as much money as possible, the police are hot on their trail, and making good progress on neutralising the threat.
According to InfoSecurity (opens in new tab), Dutch police managed to trick the operators into giving away more than 150 decryption keys earlier this month. They did so by quickly withdrawing the payment for the decryption keys, before it was confirmed.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba