Security News
You paste the hexadecimal code from the BTC transaction into the ransomware "Login page", and the process fires up a decryption program left behind by the crooks that unscrambles all your data. Loosely speaking, once Bitcoin miners see that a not-yet-processed transaction involves funds that someone else has already "Mined", they simply stop working on the unfinished transaction, on the grounds that it's now worthless to them.
NU, obtained 155 decryption keys from the DeadBolt ransomware gang by faking ransom payments. When the victim enters this key into the ransom note screen, it will be converted into a SHA256 hash and compared to the SHA256 hash of the victim's decryption key and the SHA256 hash of the DeadBolt master decryption key.
QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting. "QNAP's security team determined that the source of the DeadBolt malware attack is via The Onion Routing, an anonymous connection," the company shared.
Most contemporary ransomware attacks involve two groups of criminals: a core gang who create the malware and handle the extortion payments, and "Members" of a loose-knit clan of "Affiliates" who actively break into networks to carry out the attacks. Regular readers of Naked Security will know that some victims, notably home users and small business, end up getting blackmailed via their NAS, or networked attached storage devices.
A few days ago - and smack in the middle of the weekend preceding Labor Day - Taiwan-based QNAP Systems has warned about the latest round of DeadBolt ransomware attacks targeting users of its QNAP network-attached storage devices. "QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022. The campaign appears to target QNAP NAS devices running Photo Station with internet exposure," the company said in a security advisory.
QNAP has issued a new advisory urging users of its network-attached storage devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software. The Taiwanese company said it detected the attacks on September 3 and that "The campaign appears to target QNAP NAS devices running Photo Station with internet exposure."
QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. "QNAP® Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," explains the security notice.
QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. "QNAP® Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," explains the security notice.
Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage appliances of a new DeadBolt ransomware campaign. Since NAS devices are often accessible remotely via the internet, criminals usually leverage software/firmware vulnerabilities or brute-force admin account passwords to gain access to them, pilfer and encrypt the files on them, then ask for a ransom to restore them.
QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage devices - and urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions. "Cybercriminals have taken notice of this dependence and now regularly update their known tools and routines to include network-attached storage devices to their list of targets, knowing full well that users rely on these devices for storing and backing up files in both modern homes and businesses," they wrote.