When it comes to cybercrime, there are countless ways in which threat actors can target their victims, be it ransomware, malware, spyware, and the like. Now, the DeadBolt ransomware is striking and QNAP NAS devices seem to be the target.
The attack started on January 25th, 2022. Users around the world who operate QNAP devices suddenly found their files encrypted and the file extensions changed to .deadbolt.
While ransomware attacks have become pretty common in recent years, this one appears to be operating in a different way. Yeah, the attackers are getting creative as they’re not leaving ransom notes in each folder on the device anymore.
If that’s not the case, what are they doing? What are they asking for? We’ll answer all of these questions in this comprehensive article.
DeadBolt Ransomware Strikes – They Accept Bitcoin
Ransomware attacks have become very popular nowadays. It’s simple. The attacker infects the victim’s device with some sort of malware, encrypts their data, then demands a ransom in exchange for restoring access to it.
The ransom is always substantial and is to be paid in Bitcoin. And yes, the new DeadBolt ransomware doesn’t differ at all from previous attacks in that respect.
What’s different though is the way the malware notifies the victim. Usually, it’s a note left in chosen folders. With DeadBolt, the attackers hijack the QNAP device’s login page to display a screen showing the following message:
“WARNING: Your files have been locked by DeadBolt.”
As seen in the image above, the attackers ask the victims to pay 0.03 bitcoins (approximately $1,100). However, each victim gets a unique address to send the money to.
The attackers tell victims that, once the payment has been made, they will make a follow-up transaction to the same address, and that this transaction includes the decryption key. The image below shows the instructions that need to be followed:
According to Bleeping Computer, there’s no evidence that paying the ransom will result in victims receiving a decryption key or being able to decrypt their files.
So far, it’s confirmed that at least 15 victims have been hit with the new DeadBolt ransomware attack. To make things even worse, it’s apparent that the malware is attacking randomly, with no specific region as a target.
Aside from that, since QNAP devices are the targeted platforms, the attack will only affect devices that can connect to the internet – just like previous ransomware attacks on QNAP.
Finally, the attackers have stated that they exploited a zero-day vulnerability to conduct their attack. If you’re a QNAP user, we highly suggest you disconnect your devices at once.
QNAP Hit Hard – DeadBolt Is Lurking
QNAP has suffered attacks in the past. In fact, Qlocker and eCh0raix, two impactful ransomware families, targeted QNAP owners before, and now DeadBolt comes in to make it a triple threat.
If you’re a QNAP owner, we highly suggest you visit sites like Reddit or Quora to learn more about the attacks. Besides, you might even get some help from other QNAP users.