DeadBolt Ransomware Resurfaces to Hit QNAP Again

2022-03-23 15:43

DeadBolt ransomware has resurfaced in a new wave of attacks on QNAP that begin in mid-March and signals a new targeting of the Taiwan-based network-attached storage devices by the fledgling threat, researchers said.

Researchers from Censys, which provides attack-surface management solutions, said they observed DeadBolt infections on QNAP gear ramp up slowly starting March 16, with a total of 373 infections that day.

The update was meant to clean up after DeadBolt attacks that were greeting customers with the ransomware group's screen when they logged in, effectively locking them out of the device.

The new wave of attacks ostensibly follow the same pattern as January's wave against QNAP devices, the majority of which were identified running the QNAP QTS Linux kernel version 5.10.60, Ellzey said.

The attacks appear the same to the customer and ask for the same ransom as previous DeadBolt attacks on QNAP devices, Ellzey said.

Censys researchers picked up on the latest wave of QNAP attacks due to the unique way the current DeadBolt ransomware variant communicates with victims, according to the post.

News URL

https://threatpost.com/deadbolt-ransomware-qnap-again/179057/

#deadbolt #qnap #ransomware

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Qnap		93	15	113	112	32	272