In a report titled “Deadbolt ransomware: nothing but NASty”, cybersecurity researchers from Group-IB have published their analysis of an ongoing ransomware campaign targeting NAS devices made by the Taiwanese manufacturer QNAP.
Attackers are using a zero-day exploit (one for a previously unseen vulnerability) in QNAP NAS devices to compromise endpoints and deliver the malware variant to small and medium businesses (SMBs), schools and general consumers.
10 BTC for technical details
In their transactions with victims, Deadbolt’s operators ask for anywhere from 0.03 to 0.05 bitcoins (between $500 and $1,000) in exchange for the decryption key.
However, the researchers also found that the ransomware gang reached out to QNAP on their own and demanded a much higher ransom in exchange for valuable data about their activities.
“With a ransom of 10 BTC ($192,000), the threat actors promised the NAS provider, QNAP, that they would share all the technical details regarding the zero-day vulnerability they discovered, and for 50 BTC ($959,000) they offered to include the master key to decrypt files belonging to the vendor’s customers who fell victim to the campaign,” Group-IB wrote in its report.
Since the number of successful attacks on QNAP NAS devices has increased nearly sevenfold this summer, it is safe to assume that QNAP kindly declined the offer.
Most infections occur in the United States, Germany and Italy.
While the team behind Deadbolt is trying to extort as much money as possible, the police are monitoring them and are making good progress in neutralizing the threat.
According to InfoSecurity, Dutch police tricked the operators into providing more than 150 decryption keys earlier this month. They did so by quickly withdrawing the payment for the decryption keys before it was confirmed.