Deadbolt ransomware: The real weapon against IoT devices

Deadbolt ransomware is on the rise. More recently, this malware has impacted QNAP NAS appliances and ASUSTOR network-attached storage (NAS) devices. One of the most popular threads about these attacks can be found on Reddit, where a ransomware victim explains how to identify damaged devices and defeat this ransomware.

Figure 1: Deadbolt thread on Reddit (source).

Files on QNAP NAS and ASUSTOR devices have been damaged and encrypted by Deadbolt ransomware. According to the ransomware operators, the malware takes advantage of a zero-day vulnerability. Although there are few details about the root causes, ASUSTOR explained that the NAS devices had been encrypted via a flaw in the PLEX media server or EZ Connect that allows access to the devices.

Figure 2: Advisory by ASUSTOR in response to the Deadbolt attacks.

Using a Shodan dork, we can observe that a large number of devices (2834) were hit with this ransomware and are still damaged.

Figure 3: 2834 devices still damaged by Deadbolt ransomware at the moment of analysis.

In detail, around 500 devices are geolocated in the U.S., followed by France, Taiwan and Japan as the most impacted countries.

Deadbolt ransomware details

The ransomware damages all
