DeadBolt勒索軟件攻擊Qnap NAS設備並提出要求 50 萬能鑰匙嘅比特幣

黑尔加·史密斯一月 27, 2022最後更新: 一月 28, 2022

726 1 分鐘閱讀

Security researchers and Qnap engineers have warned about the emergence of a new DeadBolt ransomware that attacks Qnap NAS. According to the hackers themselves, the DeadBolt malware encrypts devices using a 0-day vulnerability.

Bleeping Computer reports that the attacks began on January 25, when owners of Qnap devices began to discover that their files were encrypted and their file names were suffixed with .deadbolt. The media source is aware of at least 15 victims of the new malware. Instead of a ransom note, which is usually placed in every folder on the device, the message of the hackers is placed right on the login page, as shown below.

DeadBolt attacks Qnap NAS

The victim is informed that it is necessary to transfer 0.03 bitcoin (approximately $1,100) to a specific bitcoin address that is unique to each victim. After the payment, the attackers inform that they will make a return transaction to the same address, which will include a key to decrypt the data.

Journalists emphasize that at present there is no evidence that the payment of the ransom will generally lead to the receipt of the key, and users will be able to decrypt their files.

DeadBolt attacks Qnap NAS

Interestingly, the ransom note has a separate link titled “Important message for Qnap”, 哪, when clicked, displays a message to the developers. The authors of the DeadBolt malware write that they are ready to disclose all details of the zero-day vulnerability they exploit if the company pays them 5 bitcoins (approximately $184,000). They also report that they are ready to sell a master key that will help decrypt the files of all victims, and information about 0-day for 50 bitcoins, 噉係, for almost 1.85 million US dollars.

DeadBolt attacks Qnap NAS

Ransomware operators argue that they can only be contacted through bitcoin payments.
Qnap developers have already confirmed information about DeadBolt attacks. The company warns users:

DeadBolt attacks all NAS connected to the Internet without any protection and encrypts user data in order to collect a ransom in bitcoins. If your NAS is connected to the internet, it is at high risk if the control panel displays the message “The system administration service can be directly accessed from an external IP address using the following protocols: HTTP”.

Users are strongly advised to update QTS to the latest available version and disable port forwarding on their router and UPnP function on Qnap NAS as soon as possible.

Let me remind you that we wrote that The FBI linked the Diavol ransomware to the authors of the TrickBot 惡意軟件, and also that Khonsari ransomware attacks Minecraft servers.

標籤

黑尔加·史密斯一月 27, 2022最後更新: 一月 28, 2022

726 1 分鐘閱讀

DeadBolt勒索軟件攻擊Qnap NAS設備並提出要求 50 萬能鑰匙嘅比特幣

Security researchers and Qnap engineers have warned about the emergence of a new DeadBolt ransomware that attacks Qnap NAS. According to the hackers themselves, the DeadBolt malware encrypts devices using a 0-day vulnerability.

黑尔加·史密斯

留言取消回覆

Remove BGZQ Ransomware Virus (+DECRYPT .bgzq Files)

Remove BGJS Ransomware Virus (+DECRYPT .bgjs Files)

移除KAAA勒索軟件病毒 (+解密.kaaa文件)

移除UAJS勒索軟件病毒 (+解密.uajs文件)

移除USZQ勒索軟件病毒 (+解密.uazq文件)

移除VOOK勒索軟件病毒 (+DECRYPT .vook文件)

移除LOOY勒索軟件病毒 (+DECRYPT.looy文件)

移除KOOL勒索軟件病毒 (+DECRYPT .kool文件)

移除NOOD勒索軟件病毒 (+DECRYPT.nood文件)

移除WIAW勒索軟件病毒 (+解密.wiaw文件)

移除WISZ勒索軟件病毒 (+DECRYPT.wisz文件)

移除LKFR Ransomware病毒 (+DECRYPT.lkfr 文件)

移除LKHY Ransomware病毒 (+DECRYPT.lkhy文件)

移除LDHY勒索軟件病毒 (+DECRYPT .ldhy文件)

移除KVIP Ransomware病毒 (+DECRYPT .kvip文件)

Security researchers and Qnap engineers have warned about the emergence of a new DeadBolt ransomware that attacks Qnap NAS. According to the hackers themselves, the DeadBolt malware encrypts devices using a 0-day vulnerability.

黑尔加·史密斯

聯邦調查局把Diavol勒索軟件與TrickBot惡意軟件嘅作者聯繫起身.

Banking Trojan Chaes Installs Malicious Chrome Extensions

留言取消回覆

相關文章

新版本嘅Magniber勒索軟件威脅Windows 11 用戶

善意勒索迫使受害者做善事

俄羅斯Fronton殭屍網絡可以做嘅不僅僅昰大規模嘅DDoS攻擊

Microsoft警告XorDdos惡意軟件活動增加