
QNAP forces automatic update after DeadBolt ransomware encrypts thousands of devices

On Tuesday 25th of January 2022, a new ransomware variant called “DeadBolt” was observed targeting devices from Network Attached Storage vendor QNAP. The variant has been observed demanding a ransom of 0.03 BTC (equivalent to $1,100) to unlock the victim’s device. The ransom note includes a link titled “important message for QNAP,” which displays a message offering QNAP the full details of the alleged zero-day vulnerability the ransomware group is using in its attacks if QNAP pays 5 bitcoins (equivalent to $184,000). The message also states that the group is willing to sell the master decryption key to QNAP for 50 bitcoins (equivalent to $1.85 million).

On the 28th of January 2022, it was observed that the number of QNAP devices infected with DeadBolt had fallen. No exact reason for the drop in the number of infected systems could be found, but it has been reported that on the 26th of January 2022, QNAP released a forced automatic update to address the possible vulnerability. However, there has been evidence that QNAP devices are still being encrypted by the ransomware, which could indicate that the threat actors are exploiting a different vulnerability. Also, research by CronUP security researcher and Curated Intel member Germán Fernández has revealed that DeadBolt had already encrypted thousands of QNAP devices.

“All the information we have shows DEADBOLT could be prevented with the build. Theoretically, we cannot exclude the possibility that there is the other vulnerability exploited. We are also interested in the user’s observation,” – QNAP
