DeadBolt ransomware takes another shot at QNAP storage • The Register

QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices’ QTS or QuTS hero operating systems to the latest versions.

The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor’s users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.

The previous attacks occurred in January, March, and May.

Taiwan-based QNAP recommended enterprises whose NAS system have “already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.”

They should contact QNAP Assistance if they want to input a decryption key given by the attackers but are unable to find the ransom note after upgrading the firmware.

The cybercriminals behind DeadBolt primarily target NAS devices. QNAP systems are the main targets, though in February the group attacked NAS devices from Asustor, a subsidiary of systems maker Asus, said analysts with cybersecurity firm Trend Micro.

QNAP and its customers are examples of a growing interest by cybercriminals in NAS, Trend Micro wrote in a January report. Businesses are relying more on the Internet of Things (IoT) for constant connectivity, workflow continuity and access to data, the analysts said.

“Cybercriminals have taken notice of this dependence and now regularly update their known tools and routines to include network-attached storage (NAS) devices to their list of targets, knowing full well that users rely on…