News

QNAP NAS are attacked by ransomware group

QNAP’s popular NAS products seem to have become the target of the ransomware group “Deadbolt”. The cybercriminals gain access via a previously unknown vulnerability called “Zero Day”.

Encrypting QNAP NAS

If someone from the “Deadbolt” group gains access to a QNAP NAS, it is possible for him or her to quickly encrypt the network product. A security vulnerability called “Zero Day” serves as a gateway. Unfortunately, access via ransomware is no longer a theoretical scenario. According to QNAP, the first ones have already started on January 25, 2022. The consequences of an attack are extremely annoying. After all, “Deadbolt” ensures that the data on the network device is encrypted. Affected files can then be easily recognized by the new extension “.deadbolt”. But that is not all. On top of that, the ransomware ensures that affected users receive a message immediately. During the login process, the following words appear on the website:

“WARNING: Your files have been blocked by Deadbolt”

Attack against QNAP’s weak data protection

In their message to the user, the Deadbolt hackers make it clear that it is not the user himself they are targeting. Rather, it is a demonstration of the weak security standards QNAP is displaying. In particular, there is talk of “inadequate security measures”. But of course, the cybercriminals also have monetary intentions. They demand 0.03 Bitcoin to stop their attack. Once this has been paid, the respective user receives a corresponding code to release their own network device again.

However, it hits the manufacturer of the network devices themselves far worse. Finally, the ransomware group demands a ransom of 5 Bitcoins from QNAP. This currently corresponds to just under 165,000 euros. As a result of the ransom payment, they want to withdraw the malware as Deadbolt itself writes:

“You will receive a universal decryption master key (and instructions) that will allow you to unlock all your clients’ files. Also, we will send you all the details about the zero-day vulnerability to security@qnap.com”

Best protection by disconnecting from the Internet

Those who have a NAS from QNAP now understandably fear that the data will be encrypted and access will no longer be possible. The safest way to avoid this is to simply keep the network device away from the Internet. After all, the ransomware group will then no longer be able to access the device via the zero-day gap. Alternatively, a secure VPN connection can be used.

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

Related Articles

Neue Antworten laden...

Avatar of Basic Tutorials
Basic Tutorials

Neues Mitglied

3,495 Beiträge 1,475 Likes

QNAP’s popular NAS products seem to have become the target of the ransomware group „Deadbolt“. The cybercriminals gain access via a previously unknown vulnerability called „Zero Day“. Encrypting QNAP NAS If someone from the „Deadbolt“ group gains access to a QNAP NAS, it is possible for him or her to quickly encrypt the network product. … (Weiterlesen...)

Antworten Like

Back to top button