Serious Security: DEADBOLT – the ransomware that goes straight for your backups
2022-03-23 19:58

Deadbolt ignores the desktops and laptops on your network, instead finding and attacking vulnerable network-attached storage devices directly over the internet.

If you'd inadvertently set up your backup device so that its web portal was accessible from the "Internet side" of your network connection - the port that's probably labelled WAN on your router, short for wide-area network - then anyone who knew about the security hole patched in QSA-21-57 could attack your backup files directly.

Perhaps taking a leaf out of the playbook tried by the Kaseya ransomware criminals, the Deadbolt crew have what you might call a meta-offer for QNAP, the makers of the device itself.

The good news in the Deadbolt story is that QNAP not only published a patch for the QSA-21-57 vulnerability back in January 2021, but also apparently went on to take the unusual step of automatically pushing out that update even to devices with automatic updates turned off.

The bad news is that the online internet security scanning service Censys is reporting that Deadbolt infections have suddenly leapt back onto its radar, with more than 1000 affected devices showing up in the past few days.

It's even possible that some unpatched devices that were theoretically at risk before, but weren't exposed to the internet, have recently been opened up to attack by users hurriedly "reviewing" and revising their network configurations - and perhaps promising themselves to "make more backups more often" - in the light of current cybersecurity anxieties provoked by the war in Ukraine.


News URL

https://nakedsecurity.sophos.com/2022/03/23/serious-security-deadbolt-the-ransomware-that-goes-straight-for-for-your-backups/