New DeadBolt ransomware targets QNAP NAS devices


New malware is targeting QNAP NAS devices: the DeadBolt ransomware, whose operators ask 50 BTC for the master key.

DeadBolt ransomware is targeting QNAP NAS devices worldwide. Its operators claim to have a zero-day exploit that allows them to encrypt the content of the infected systems.

Once it has encrypted the content of the device, the ransomware appends the .deadbolt extension to the names of the encrypted files and defaces the login page of the QNAP NAS to display the following message:

“WARNING: Your files have been locked by DeadBolt”

Source DarkFeed Twitter
https://twitter.com/ido_cohen2/status/1486272852743626758

The hijacked QNAP login screen displays a ransom note demanding payment of a 0.03 BTC ransom (roughly $1017) to receive a decryption key to recover the files.

The operators claim a transparent process in which the decryption key is delivered through the Bitcoin blockchain. The decryption key is stored in the OP_RETURN field of a transaction made by the operators in response to the payment. Victims can retrieve the key by monitoring the address to which they made the ransom payment.

After payment is made, the threat actors claim they will make a follow-up transaction to the same address that includes the decryption key (composed of 32 characters), which can be retrieved using the following instructions.

At this time there is no confirmation that paying a ransom will allow the victims to decrypt their files.
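For analysts or victims reviewing the follow-up transaction described above, the sketch below extracts data pushes from OP_RETURN output scripts and lists 32-character candidates. It is an added example, not code from the article, the operators, or QNAP; the function names, the sample scripts, and the two readings of "32 characters" (16 raw bytes shown as hex, or 32 ASCII bytes) are assumptions.

```python
# Added example: pull data pushes out of OP_RETURN output scripts.
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}   # OP_PUSHDATA1/2/4 length-field sizes

def op_return_payload(script_hex):
    """Return pushed bytes of an OP_RETURN script; None if not OP_RETURN or malformed."""
    try:
        script = bytes.fromhex(script_hex)
    except ValueError:
        return None
    if not script or script[0] != OP_RETURN:
        return None
    data, i = b"", 1
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:                     # direct push: opcode is the length
            size = op
        elif op in PUSHDATA_WIDTH:
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                return None                     # length field cut off
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            return None                         # not a plain data-carrier script
        if i + size > len(script):
            return None                         # push runs past end of script
        data += script[i:i + size]
        i += size
    return data

def candidate_keys(script_hexes):
    """Return 32-character strings carried in OP_RETURN outputs."""
    found = []
    for script_hex in script_hexes:
        payload = op_return_payload(script_hex) or b""
        if len(payload) == 16:                  # assumption: 16 bytes shown as 32 hex chars
            found.append(payload.hex())
        elif len(payload) == 32 and payload.isascii():  # assumption: 32 ASCII chars
            found.append(payload.decode("ascii"))
    return found

# Constructed sample output scripts (not from any real transaction).
SAMPLE_SCRIPTS = [
    "0014" + "ab" * 20,                           # ordinary P2WPKH change output
    "6a10" + "00112233445566778899aabbccddeeff",  # OP_RETURN, 16-byte push
    "6a100011",                                   # truncated OP_RETURN
]
```

Feed `candidate_keys` the hex of each output script from the transaction as shown by a node or block explorer; malformed or truncated scripts are skipped rather than partially decoded.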

The ransom note also includes a link titled “important message for QNAP,” which points to a page that offers technical details of the alleged zero-day vulnerability in QNAP NAS devices for 5 BTC (approximately $184,000).

They are also offering to sell QNAP the master decryption key for 50 BTC, which could allow all the victims of this ransomware family to decrypt their files.

“Make a bitcoin payment of 50 BTC to bc1qnju697uc83w5u3ykw7luujzupfyf82t6trlnd8,” reads the message, as reported by BleepingComputer.

“You will receive a universal decryption master key (and instructions) that can be used to unlock all your clients their files. Additionally, we will also send you all details about the zero-day vulnerability to security@qnap.com.”

QNAP continues to be a favored target for cybercriminals. Recently, a new wave of Qlocker ransomware was observed targeting QNAP NAS devices worldwide. In December 2021, another wave of ech0raix ransomware attacks started targeting QNAP network-attached storage (NAS) devices.


Pierluigi Paganini

(SecurityAffairs – hacking, QNAP)
