Security News > 2022 > September > DEADBOLT ransomware rears its head again, attacks QNAP devices
Most contemporary ransomware attacks involve two groups of criminals: a core gang who create the malware and handle the extortion payments, and "Members" of a loose-knit clan of "Affiliates" who actively break into networks to carry out the attacks.
Regular readers of Naked Security will know that some victims, notably home users and small business, end up getting blackmailed via their NAS, or networked attached storage devices.
NAS boxes are "Plug-and-play" network attached storage, and popular precisely because of how easily you can get them running on your LAN. As you can imagine, in today's cloud-centric era, many NAS users end up opening up their servers to the internet - often by accident, though sometimes on purpose - with potentially dangerous results.
Simply put, ransomware attackers with direct access to the NAS box on your LAN could derail almost all your digital life, and then blackmail you directly, just by accessing your NAS device, and nothing else on the network.
QNAP has just reported that DEADBOLT is doing the rounds again, with the crooks now exploiting a vulnerability in a QNAP NAS feature called Photo Station.
If you have a QNAP NAS product anywhere on your network, and you are using the Photo Station software component, you may be at risk.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)