The deadbolt ransomware has launched an ongoing campaign targeting NAS devices from the Taiwanese vendor QNAP such as those deployed in schools, individual home users, and other organizations by leveraging zero-day vulnerabilities as an initial attack vector. The prolific ransomware group is targeting the NAS devices and monetize its efforts by extorting vendors and customers. Group-IB has release a study based on a sample of the malware, which it first identified at the beginning of this year.
Group-IB found that the threat actors operate across the globe and do not appear to have a specific region of interest. In addition, the attackers typically demand between 0.03 and 0.05 bitcoin from end users to obtain access to a decryption key. The group also attempts to extort the NAS vendors themselves.