{"id":6227,"date":"2022-01-28T23:47:54","date_gmt":"2022-01-28T14:47:54","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6227"},"modified":"2022-02-03T23:51:41","modified_gmt":"2022-02-03T14:51:41","slug":"qnap-forces-automatic-update-after-deadbolt-ransomware-encrypts-thousands-of-devices","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/qnap-forces-automatic-update-after-deadbolt-ransomware-encrypts-thousands-of-devices\/","title":{"rendered":"QNAP forces automatic update after DeadBolt ransomware encrypts thousands of devices"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6227\" class=\"elementor elementor-6227\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-70eefb6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"70eefb6\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7b2d1e4\" data-id=\"7b2d1e4\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a600ad5 elementor-widget elementor-widget-text-editor\" data-id=\"a600ad5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Tuesday 25<sup>th<\/sup> of January 2022, a new ransomware variant called \u201cDeadBolt\u201d was observed targeting devices from Network Attached Storage vendor QNAP. The ransomware variant has been observed demanding a ransom of 0.03BTC (equivalent to $1,100) to unlock the victim\u2019s device. 
On the ransom note that is attached, there is a link titled &#8220;important message for QNAP,&#8221; which displays a message that offers QNAP the full details of the alleged zero-day vulnerability the ransomware group is using in its attacks if QNAP pays them 5 bitcoins (equivalent to $184,000). The message also states that the group is willing to sell the master decryption key to QNAP for 50 bitcoins (equivalent to $1.85 million).<\/p><p>On the 28<sup>th<\/sup> of January 2022, it was observed that the number of QNAP devices infected with the new ransomware variant, DeadBolt, had fallen. No exact reason could be found for the drop in the number of infected systems, but it has been reported that on the 26<sup>th<\/sup> of January 2022, QNAP released a forced automatic update to address the possible vulnerability. However, there has been evidence that QNAP devices are still being encrypted by the ransomware, which could indicate that the threat actors are exploiting a different vulnerability. Also, research done by the CronUP security researcher and Curated Intel member Germ\u00e1n Fern\u00e1ndez has revealed that DeadBolt had already encrypted thousands of QNAP devices.<\/p><p>\u201cAll the information we have shows DEADBOLT could be prevented with the build. Theoretically, we cannot exclude the possibility that there is the other vulnerability exploited. We are also interested in the user&#8217;s observation,&#8221; &#8211; QNAP<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Tuesday 25th of January 2022, a new ransomware variant called \u201cDeadBolt\u201d was observed targeting devices from Network Attached Storage vendor QNAP. The ransomware variant has been observed demanding a ransom of 0.03BTC (equivalent to $1,100) to unlock the victim\u2019s device. 
On the ransom note that is attached, there is a link titled &#8220;important message for QNAP,&#8221; which displays a<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6232,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,9,2,1],"tags":[],"class_list":["post-6227","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/02\/Picture1-29.jpg?fit=1379%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6227"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6227"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6227\/revisions"}],"predecessor-version":[{"id":6235,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6227\/revisions\/6235"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6232"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6227"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}