3600 QNAP’s Devices Compromised by DeadBolt Cyber Attackers

3600 QNAP’s Devices Compromised by DeadBolt Cyber Attackers

The cyber-world is again hit by some cyber attackers with the name of DeadBolt, on the encrypted internet-exposed 3,600 NAS devices of QNAP through a fresh ransomware operation.

About the incident:

DeadBolt Cyber Attackers used ransomware infection to compromise almost 3,600 NAS (Network Attached Storage) Devices all over the world.  The key points related to the incident are as follows:

• DeadBolt Attackers used the zero-day vulnerability to abuse and infect 3,600 QNAP devices and encrypt files using ransomware.
• A QNAP Security researcher and selected intel personnel find out that DeadBold has already encrypted thousands of NAS devices of QNAP.  The most badly affected nations comprise the U.S.A., France, Taiwan, Italy, and the U.K.
• According to some sources, the attackers changed the casual HTML login page and left their ransom money note showcasing 0.03 bitcoins (nearly around $1,100) for having a decryption key and restoration database.
• Apart from that, sources also say that DeadBolt has demanded more ransom by offering the master decryption key to decrypt all infected QNAP devices for 5 bitcoins (approx. $1,85,000) and if they are willing to have the info related to the alleged corresponding zero-day vulnerability for 50 bitcoins (approx. $1.85 million).

QNAP asks for Quick Patching

Following the heinous ransomware attack on its servers, QNAP beware all of its customers to secure their NAS devices against the Data Breaching of DeadBolt by duly updating their QTS software to its latest version and deactivating port forwarding and UPnP.  QNAP took the following strict decisions:

• The company took some strict actions and forcefully updated the firmware of NAS devices to their recently updated version. I.e. 5.0.0.1891, its last universal firmware was available from 23rd Dec. 2021.
• The QNAP company also forced its latest firmware update on NAS devices by disabling the automatic update of the concerning software too.  The updated firmware comprises numerous security fixes with maximum were related to Samba.

It is also famous that the forced firmware update deleted the ransomware executable and replaced the ransom screen from the target’s machines.

Conclusion

The cyber attackers’ wasted no time in abusing QNAP by asking ransoms when they found out concerning zero-day flaws in the organizations’ internet-enabled NAS devices all around the world.  Maximum time, the repairs come late in usage action, which is exactly what happened with the QNAP when DeadBolt launched the ransomware attacks spree.

Hence, in short, admins should always keep in mind that every device and internet source is duly checked and up-to-date and not exposed publicly

About Author

Nidhi Gupta

See author's posts