DeadBolt and Ech0raix Ransomware Are Attacking QNAP Devices
The New Ransomware Attack Targets Users of QNAP Systems’ Taiwanese NAS Equipment.
A new DeadBolt ransomware campaign has been brought to the attention of individuals and enterprises who use network-attached storage (NAS) machines manufactured by QNAP Systems, which is located in Taiwan.
As HELPNETSECURITY explained, there also seems to be a fresh ech0raix/QNAPCrypt campaign that is now running; however, QNAP has not yet commented on this matter.
Consumers and small to medium-sized enterprises are the most common users of network-attached storage (NAS) devices because of their ability to store, manage, and share backups and data. Because of this, cybercriminals that use ransomware and engage in double extortion schemes may find them to be an alluring target.
Because NAS devices are frequently accessible remotely via the internet, cybercriminals typically exploit software/firmware vulnerabilities or brute-force admin account passwords in order to gain access to them, steal and encrypt the files stored on them, and then demand a ransom in order to restore the files. Sometimes their security is breached, and cryptominers are installed on their computers.
NAS devices made by QNAP and Synology are often the primary targets of an attack, however, NAS devices made by other manufacturers (including Western Digital, Seagate, Zyxel, and others) are also sometimes attacked.
QNAP recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target QNAP NAS devices running outdated versions of QTS 4.x.
Users are encouraged to update the firmware of their QTS or QuTS hero devices to the most recent version; however, QNAP reminds users who have been affected by the DeadBolt ransomware that they must first take a screenshot of the ransom note in order to save the bitcoin address, and only then should they upgrade to the most recent firmware version.
If Ransomware Concerns You…
Join us on Tuesday, June 21st, 1pm BST/2pm CEST for our next webinar, when Cyber-Security & Heimdal Product Expert Andrei Hinodache and Pre-Sales Engineering Manager Robertino Matausch will explain why ransomware is on the rise, and how should executives evaluate their company’s ability to prevent and recover from ransomware attacks.
What’s more, we will be showing you how to do this LIVE! Our experts will walk you through ransomware incident preparedness, technical testing through live simulations, detection, and suggestions for thwarting attackers by hardening systems and infrastructure.
Make sure you register here!