DeadBolt and Ech0raix Ransomware Are Attacking QNAP Devices

A new DeadBolt ransomware campaign has been brought to the attention of individuals and enterprises who use network-attached storage (NAS) machines manufactured by QNAP Systems, which is located in Taiwan.

As HELPNETSECURITY explained, there also seems to be a fresh ech0raix/QNAPCrypt campaign that is now running; however, QNAP has not yet commented on this matter.

Consumers and small to medium-sized enterprises are the most common users of network-attached storage (NAS) devices because of their ability to store, manage, and share backups and data. Because of this, cybercriminals that use ransomware and engage in double extortion schemes may find them to be an alluring target.

Because NAS devices are frequently accessible remotely via the internet, cybercriminals typically exploit software/firmware vulnerabilities or brute-force admin account passwords in order to gain access to them, steal and encrypt the files stored on them, and then demand a ransom in order to restore the files. Sometimes their security is breached, and cryptominers are installed on their computers.

NAS devices made by QNAP and Synology are often the primary targets of an attack, however, NAS devices made by other manufacturers (including Western Digital, Seagate, Zyxel, and others) are also sometimes attacked.

 QNAP recently detected a

Read More: