Security News > 2022 > February > Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices

ASUSTOR network-attached storage devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances.

The attacks primarily affect internet-exposed ASUSTOR NAS models running ADM operating systems including, but not limited to, AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T. Much like the intrusions targeting QNAP NAS devices, the threat actors claim to be using a zero-day vulnerability to encrypt ASUSTOR NAS devices, demanding that victims pay 0.03 bitcoins to recover access.

The ransomware operators, in a separate message for ASUSTOR, said it's willing to share details of the flaw should the company make a bitcoin payment of 7.5BTC, in addition to selling the universal decryption key for a total payment of 50BTC. Exact details of the security vulnerability used is not clear, but it's suspected that the attack vector relates to a flaw in the EZ Connect feature that allows remote access to the NAS devices, as the company has urged to disable the functionality as a preventive measure.

Users who have their NAS devices already compromised with the ransomware are advised to follow the below steps -.

Safely shut down your NAS by pressing and holding the power button for three seconds.

Do not initialize your NAS as this will erase your data, and.

News URL

https://thehackernews.com/2022/02/warning-deadbolt-ransomware-targeting.html