New DeadBolt ransomware targets QNAP NAS devices

New malware is targeting QNAP NAS devices: the DeadBolt ransomware, whose operators ask 50 BTC for the master key.

DeadBolt ransomware is targeting QNAP NAS devices worldwide. Its operators claim to have a zero-day exploit that allows them to encrypt the content of the infected systems.

Once it has encrypted the content of the device, the ransomware appends the .deadbolt extension to the names of the encrypted files and defaces the login page of the QNAP NAS to display the following message:

“WARNING: Your files have been locked by DeadBolt”

Source DarkFeed Twitter

Deadbolt #Ransomware team targets QNAP devices with a new zero-day No one’s paid them yet #DEADBOLT pic.twitter.com/Y1YxE1X6Rs — DarkFeed (@ido_cohen2) January 26, 2022

The hijacked QNAP login screen displays a ransom note demanding the payment of a 0.03 BTC ransom (roughly $1017) to receive a decryption key to recover the files.

Operators claim a transparent process in which the decryption key is delivered directly through the Bitcoin blockchain. The decryption key is stored in the OP_RETURN field of a transaction made by the operators in response to the payment. Victims can retrieve the key by monitoring the address to which they made the ransom payment.

After payment is made, the threat actors claim they will make a follow-up transaction to the same address that includes the decryption key (composed of 32 characters), which can be retrieved using the following instructions.

At this time there is no confirmation that paying a ransom will allow the victims to decrypt their files.
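The OP_RETURN delivery mechanism described above, shown as an added example that is not from the original article or from the ransomware operators: a parser that pulls the data push out of a transaction's OP_RETURN output. The `script_hex` field name, the sample outputs, and the reading of "32 characters" as the hex form of a 16-byte payload are assumptions.

```python
"""Extract OP_RETURN payloads from Bitcoin output scripts (scriptPubKey hex)."""
OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D

def op_return_payload(script_hex):
    """Return the first data push after OP_RETURN, or None if not a data output."""
    try:
        script = bytes.fromhex(script_hex)
    except ValueError:
        return None                      # not valid hex
    if len(script) < 2 or script[0] != OP_RETURN:
        return None                      # ordinary spendable output
    op, pos = script[1], 2
    if 1 <= op <= 0x4B:                  # direct push of `op` bytes
        size = op
    elif op == OP_PUSHDATA1:             # next byte is the length
        if len(script) < 3:
            return None
        size, pos = script[2], 3
    elif op == OP_PUSHDATA2:             # next two bytes, little-endian length
        if len(script) < 4:
            return None
        size, pos = int.from_bytes(script[2:4], "little"), 4
    else:
        return None
    data = script[pos:pos + size]
    return data if len(data) == size else None   # reject truncated pushes

def key_candidates(tx_outputs):
    """Return 32-character hex strings found in a transaction's OP_RETURN outputs."""
    # Assumption: the 32-character key is the hex rendering of a 16-byte payload.
    found = []
    for out in tx_outputs:
        data = op_return_payload(out["script_hex"])   # hypothetical field name
        if data is not None and len(data) == 16:
            found.append(data.hex())
    return found

# Constructed sample (not real chain data): a P2WPKH output and an OP_RETURN output.
SAMPLE_TX_OUTPUTS = [
    {"value": 546, "script_hex": "0014" + "11" * 20},
    {"value": 0, "script_hex": "6a10" + "00112233445566778899aabbccddeeff"},
]

if __name__ == "__main__":
    print(key_candidates(SAMPLE_TX_OUTPUTS))
```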

QNAP continues to be a privileged target for cybercriminals. Recently, a new wave of Qlocker ransomware was observed targeting QNAP NAS devices worldwide. In December 2021, another wave of eCh0raix ransomware attacks started targeting QNAP network-attached storage (NAS) devices.

The ransom note also includes a link titled “important message for QNAP,” which points to a page that offers technical details of the alleged zero-day vulnerability in QNAP NAS devices for 5 BTC (approximately $184,000).

#QNAP seem to have a new #Ransomware attack: #Deadbolt. What’s the fix, QNAP? Each customer being asked to pay 0.03 #BTC pic.twitter.com/1XS1liTZn2 — Wireless-News (@news_wireless) January 25, 2022

They are also offering QNAP the master decryption key for sale for 50 BTC, which could allow all the victims of this ransomware family to decrypt their files.

“Make a bitcoin payment of 50 BTC to bc1qnju697uc83w5u3ykw7luujzupfyf82t6trlnd8,” reads the message, as reported by BleepingComputer.

“You will receive a universal decryption master key (and instructions) that can be used to unlock all your clients their files. Additionally, we will also send you all details about the zero-day vulnerability to security@qnap.com.”

Pierluigi Paganini

(SecurityAffairs – hacking, REvil ransomware)

The post New DeadBolt ransomware targets QNAP NAS devices appeared first on Security Affairs.