Network-attached storage (NAS) devices made by QNAP are being targeted in new attack campaigns involving DeadBolt and eCh0raix ransomware.
For more than half a year, QNAP NAS devices have been targeted in several DeadBolt ransomware campaigns in which the attackers hijack a vulnerable device’s login page to display a ransom note, and also encrypt the files on the device, appending the .deadbolt extension to them.
In January 2022, the attackers were demanding from their victims a 0.03 bitcoin payment in exchange for the decryption key.
Furthermore, they were asking for a 5 bitcoin payment in exchange for information on a zero-day in QNAP’s NAS devices that they were allegedly exploiting for initial access, and 50 bitcoin for a master key for the ransomware and full details on the vulnerability.
Following the January wave of DeadBolt attacks, security researchers observed a new campaign in March, one month after the ransomware was seen targeting NAS appliances made by Asustor. Another series of DeadBolt attacks on QNAP appliances was seen in May.
Last week, QNAP published an advisory to warn of a new DeadBolt ransomware campaign that has been targeting NAS devices running outdated versions of QTS 4.x.
QNAP said it was still investigating the attack and did not provide additional information, but the company urged users to update QTS or QuTS hero to the latest available version.
“If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page,” QNAP told users.
Users who received a decryption key from the attackers and cannot locate the ransom note after the firmware upgrade are advised to contact QNAP Support for assistance.
According to BleepingComputer, DeadBolt is not the only ransomware family targeting internet-accessible and improperly protected QNAP devices at the moment, as many users have been complaining of eCh0raix ransomware attacks as well.
“QNAP devices are very attractive to cyber criminals whose strategy is to ask a large number of victims for a small amount of money (as opposed to few victims being asked for large amounts). The ~$900 asked for as ransom is at a level where many operators of the devices will choose to pay rather than get their IT or security teams involved (and potentially face internal consequences for not having properly onboarded and secured the devices),” Bud Broomhead, CEO at IoT cyber hygiene firm Viakoo, said in an emailed comment.
Related: QNAP Patches Critical Vulnerability in Network Surveillance Products
Related: QNAP Says Recently Patched Flaw Exploited in Qlocker Ransomware Attacks
More from Ionut Arghire
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- New Wi-Fi Attack Allows Traffic Interception, Security Bypass
- Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
- Over 200 Organizations Targeted in Chinese Cyberespionage Campaign
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
Latest News
- Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
- LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps
- Blockchain Security Firm True I/O Raises $9 Million
- Spera Banks $10 Million to Tackle Identity and Access Sprawl
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- New Wi-Fi Attack Allows Traffic Interception, Security Bypass
- Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
