The DeadBolt ransomware is targeting QNAP NAS devices all over the world, and its authors claim to have a zero-day exploit that allows them to encrypt the content of infected systems. Once the device’s content has been encrypted, the ransomware appends.deadboltextension to the names of the extracted files and defaces the QNAP NAS’s login page, displaying the message.

The operators claim a transparent process for directly delivering the decryption key to the Bitcoin blockchain. The decryption key is directly stored in the OP RETURN field of a transaction generated by the operators in response to the payment. Victims can retrieve the key by tracking the address where they paid the ransom.

Following payment, the threat actors claim they will make a follow-up transaction to the same address containing the decryption key (composed of 32 characters), which can be obtained using the instructions below.

The ransom note also contains a link titled “important message for QNAP,” which leads to a page that sells technical details about the alleged zero-day vulnerability in QNAP NAS devices for 5 BTC (approximately $184,000).

In response to the widespread infections, the Taiwanese vendor initially advised customers to update their QTS software and disable UPnP and port forwarding. Then, on December 23, 2021, QNAP decided to force-update the firmware on all of its customers’ NAS devices to version, the most recent firmware version released.

According to the vendor ,”We’re attempting to improve protection against deadbolts.” If recommended update is enabled under auto-update, we can apply a security patch as soon as it becomes available.” 

During the Qlocker era, many people became infected after we patched the vulnerability.” In fact, the entire outbreak occurred after the patch was released. However, many people do not apply a security patch on the same day, or even within the same week, that it is released.

As a result, it is much more difficult to put an end to a ransomware campaign. We will work on patches and security enhancements for deadbolt and hope to have them implemented as soon as possible. I’m aware that there are arguments on both sides about whether or not we should do this. It is a difficult decision to make. But we did it because of the deadbolt and our desire to stop the attack as soon as possible.

It hasn’t worked for all of the QNAPs we administer, but we’ve now figured it out. Right-click on your Alias (IQN) under “Storage & Snapshots > ISCSI & Fiber Channel,” pick “Modify > Network Portal,” and select the ISCSI adaptor.

Finally the researchers concluded that ,” Cybercriminals continue to attack QNAP NAS equipment, with a fresh wave of Qlocker ransomware being discovered targeting QNAP NAS devices around the world. Another wave of ech0raix ransomware attacks began targeting QNAP network-attached storage (NAS) devices in December 2021.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1, Linkedin handle @linkedin

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s