QNAP Systems, Inc. is a Taiwanese company that specializes in network-attached storage equipment for applications such as file sharing, virtualization, storage management, and surveillance.
The DeadBolt ransomware organization is encrypting QNAP NAS systems all around the globe, claiming that they are exploiting a zero-day vulnerability in the device’s firmware to do so.
When the attacks began QNAP clients discovered that their files had been encrypted and that their file names had been added with the.deadbolt file suffix.
— Wireless-News (@news_wireless) January 25, 2022
QNAP device’s login page is hijacked, and a message reading, “WARNING: Your files have been locked by DeadBolt” is shown instead of ransom notes being placed in each folder on the device.
As BleepingComputer reports, the page advises the victim that they should send 0.03 bitcoins (about $1,100) to a Bitcoin address that is unique to each victim, which is provided in the message.
Following compensation being received, the threat actors say that they will conduct a follow-up transaction to the same address that will contain the decryption key, which may