Deadbolt ransomware is being used to target NAS vendors and customers


Operators of the dreaded Deadbolt ransomware are attacking network-attached storage (NAS) users and NAS manufacturers alike.

In a study titled “Deadbolt Ransomware: Nothing But NASty,” Group-IB cybersecurity researchers released their analysis of an ongoing ransomware campaign being waged against NAS devices built by Taiwanese manufacturer QNAP.

The attackers use a zero-day exploit (one for a previously unknown, unpatched vulnerability) in QNAP’s NAS devices to compromise the endpoints and deliver the malware to small and medium-sized enterprises (SMEs), schools and regular consumers.

10 BTC for technical details

In their dealings with victims, Deadbolt’s operators demanded somewhere between 0.03 and 0.05 bitcoin (roughly between $500 and $1,000) in exchange for the decryption key.

However, the researchers also found that the ransomware gang had contacted QNAP itself and demanded a much higher ransom in exchange for valuable data about their activities.

“For a ransom of 10 BTC ($192,000), the threat actors promised the NAS vendor, QNAP, that they would share all the technical details regarding the zero-day vulnerability they manipulated, and offered for 50 BTC ($959,000) to contain the master key to decrypt the files of the supplier’s customers who were victims of the campaign,” Group-IB wrote in its report.

Since the number of successful attacks on QNAP NAS devices has increased almost sevenfold this summer, it is safe to assume that QNAP has kindly declined the offer.

Most infections took place in the United States, Germany and Italy.

While the group behind Deadbolt tries to extort as much money as possible, the police are on their trail and making good progress in neutralizing the threat.

According to InfoSecurity, the Dutch police managed to trick the operators into handing over more than 150 decryption keys earlier this month. They did this by paying for the decryption keys and then quickly withdrawing the payments before the transactions were confirmed.
