On Tuesday 25th of January 2022, a new ransomware variant called “DeadBolt” was observed targeting devices from Network Attached Storage vendor QNAP. The ransomware has been observed demanding a ransom of 0.03 BTC (equivalent to $1,100) to unlock the victim’s device. The ransom note includes a link titled “important message for QNAP,” which displays a message offering QNAP the full details of the alleged zero-day vulnerability the ransomware group is using in its attacks if QNAP pays 5 Bitcoins (equivalent to $184,000). The message also states that the group is willing to sell the master decryption key to QNAP for 50 bitcoins (equivalent to $1.85 million).
On the 28th of January 2022, it was observed that the number of QNAP devices infected with the new ransomware variant, DeadBolt, had fallen. No exact reason could be found for the drop in the number of infected systems, but it has been reported that on the 26th of January 2022, QNAP released a forced automatic update to address the possible vulnerability. However, there has been evidence that QNAP devices are still being encrypted by the ransomware, which could indicate that the threat actors are exploiting a different vulnerability. Also, research by CronUP security researcher and Curated Intel member Germán Fernández has revealed that DeadBolt had already encrypted thousands of QNAP devices.
“All the information we have shows DEADBOLT could be prevented with the build. Theoretically, we cannot exclude the possibility that there is the other vulnerability exploited. We are also interested in the user’s observation,” – QNAP
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.