Take Your QNAP NAS Offline! DeadBolt Ransomware Locks Devices via Alleged Zero-Day Flaw
A new ransomware strain is allegedly targeting the QNAP customer base, locking users out of their Network Attached Storage (NAS) devices and preventing them from accessing stored data. According to security researchers, the attacks stem from a zero-day flaw in the products. QNAP NAS devices have previously been targeted by ransomware strains such as QLocker and eCh0raix. Now the devices are reportedly being targeted by a ransomware called DeadBolt that hijacks the NAS's operating system. The ransomware also displays a ransom note at login, notifying victims that their devices have been compromised.
QNAP recently published a comprehensive checklist of configurations that aims to mitigate the risks posed by ransomware actors. However, the checklist does not apply to this new threat, as the attackers are exploiting a zero-day flaw to complete the attack. BleepingComputer reported that the note read “This is not a personal attack,” blaming inadequate security on QNAP's part. The ransomware actors appear to be targeting QNAP’s customers as some sort of punishment for poor security practices. The note promises that once the victim makes a 0.03 Bitcoin payment, the decryption key will be released. However, at least one victim paid more than the ransom request and received an invalid decryption key. NAS owners have been advised to keep their devices behind a firewall and completely isolated from the internet until QNAP is able to patch the vulnerability.