DeadBolt Ransomware Resurfaces to Hit QNAP Again

A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.

DeadBolt ransomware has resurfaced in a new wave of attacks on QNAP that began in mid-March and signals a new targeting of the Taiwan-based vendor's network-attached storage (NAS) devices by the fledgling threat, researchers said.

Researchers from Censys, which provides attack-surface management solutions, said they observed DeadBolt infections on QNAP gear ramp up slowly starting March 16, with a total of 373 infections that day. That number rose to 1,146 devices by March 19, according to a blog post by Censys senior security researcher Mark Ellzey.

The current attacks harken back to January, when QNAP had to push out an unplanned update to its NAS devices, one that not all customers welcomed. The update was meant to clean up after DeadBolt attacks that were greeting customers with the ransomware group's screen when they logged in, effectively locking them out of the device.

The new wave of attacks ostensibly follows the same pattern as January's wave, but the majority of the victims are running the QNAP QTS Linux kernel version 5.10.60, Ellzey said.
