QNAP NAS devices left encrypted by Deadbolt ransomware

Users - and the company - face threats to make Bitcoin payments

QNAP NAS devices across the globe have been hit by a widespread cyberattack after the DeadBolt ransomware group began to encrypt the network-attached storage devices.

QNAP NAS users reported finding their files encrypted, sporting a .deadbolt file extension.

Users were confronted by a screen displaying a “WARNING: Your files have been locked by DeadBolt” message that added “You can make a payment of (exactly) 0.030000 bitcoin to the following address.”

Deadbolt decryption

The victims were given a decryption key to retrieve their files as part of a follow-up transaction, although there is no confirmation that paying the ransom will result in the successful decryption of files.

QNAP assured customers that they can access their admin page by navigating to http://nas_ip:8080/cgi-bin/index.cgi or https://nas_ip/cgi-bin/index.cgi. It also promises that its Product Security Incident Response Team is conducting an investigation.

Users are being told to take their devices offline and place them behind a firewall until a fix has been found. Without access to the Internet, attacks against network-attached storage devices (or any devices connected to a network, for that matter) should be impossible.

DeadBolt is offering to share with QNAP the zero-day vulnerability that allowed the ransomware group to gain access to the devices, at a cost of 5 BTC. This, and the master decryption key, will cost the company 50 BTC.

With no dedicated website or messaging service, the gang stated that the only way to make contact is through Bitcoin payments. However, the group promised to send the zero-day information to QNAP’s security@qnap.com email address.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.
