QNAP Devices Targeted in Ransomware Attack

QNAP Systems, Inc. is a Taiwanese company that specializes in network-attached storage equipment for applications such as file sharing, virtualization, storage management, and surveillance.

What Happened?

The DeadBolt ransomware organization is encrypting QNAP NAS systems all around the globe, claiming that they are exploiting a zero-day vulnerability in the device’s firmware to do so.

When the attacks began QNAP clients discovered that their files had been encrypted and that their file names had been added with the.deadbolt file suffix.

#QNAP seem to have a new #Ransomware attack: #Deadbolt. What’s the fix, QNAP?
Each customer being asked to pay 0.03 #BTC pic.twitter.com/1XS1liTZn2

— Wireless-News (@news_wireless) January 25, 2022

QNAP device’s login page is hijacked, and a message reading, “WARNING: Your files have been locked by DeadBolt” is shown instead of ransom notes being placed in each folder on the device.

Source

As BleepingComputer reports, the page advises the victim that they should send 0.03 bitcoins (about $1,100) to a Bitcoin address that is unique to each victim, which is provided in the message.

Following compensation being received, the threat actors say that they will conduct a follow-up transaction to the same address that will contain the decryption key, which may

Read More: https://heimdalsecurity.com/blog/qnap-devices-targeted-in-ransomware-attack/