DeadBolt ransomware exploits Qnap NAS vulnerability patched in December

Written by Emma Davis

Qnap is warning NAS owners to enable automatic firmware updates on their devices to protect against DeadBolt ransomware attacks.

Let me remind you that it was originally reported that DeadBolt encrypts devices using some kind of 0-day vulnerability. The hacks began on January 25, 2022, when owners of Qnap devices began to discover that their files were encrypted and their filenames were suffixed with .deadbolt.

Interestingly, in the ransom note, the hackers left a separate message for the developers, entitled “Important message for Qnap.” The authors of the DeadBolt malware write that they are ready to disclose the full details of the zero-day vulnerability they are exploiting if the company pays them 5 bitcoins (approximately $184,000). They also said they were ready to sell a master key that would decrypt the files of all the victims, together with information about the 0-day, for 50 bitcoins, that is, for almost 1.85 million US dollars.

As a result, Qnap was forced to install firmware updates on its NAS in an effort to thwart ransomware attacks that, as of January 28, 2022, had encrypted more than 3,600 devices.

As Qnap now says, the malware exploits a vulnerability fixed in December 2021 and “described in the QNAP security bulletin (QSA-21-57).” The company told Bleeping Computer that it was forcibly distributing updates because, according to the company, the attackers are using an RCE vulnerability fixed in firmware 5.0.0.1891.

According to Qnap, the bug has been fixed in the following versions of QTS and QuTS hero:

  1. QTS 5.0.0.1891 build 20211221 and later;
  2. QTS 4.5.4.1892 build 20211223 and later;
  3. QuTS hero h5.0.0.1892 build 20211222 and later;
  4. QuTS hero h4.5.4.1892 build 20211223 and later;
  5. QuTScloud c5.0.0.1919 build 20220119 or later.
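As an added example (not Qnap's or the article's code), the following Python sketch checks an inventory of firmware strings against the minimum fixed releases listed above. The inventory format, the host names and the sample firmware strings are constructed assumptions; a "fixed" result only means the device is at or above the listed release.

```python
import re

# Minimum fixed releases from the list above:
# product -> {branch (major, minor, patch): (revision, build date)}
FIXED = {
    "QTS": {(5, 0, 0): (1891, 20211221), (4, 5, 4): (1892, 20211223)},
    "QuTS hero": {(5, 0, 0): (1892, 20211222), (4, 5, 4): (1892, 20211223)},
    "QuTScloud": {(5, 0, 0): (1919, 20220119)},
}

# Assumed inventory format, e.g. "QTS 5.0.0.1891 build 20211221"
FW_RE = re.compile(
    r"^(QTS|QuTS hero|QuTScloud)\s+[hc]?(\d+)\.(\d+)\.(\d+)\.(\d+)\s+build\s+(\d{8})$"
)

def classify(firmware: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one firmware string."""
    m = FW_RE.match(firmware.strip())
    if not m:
        return "unknown"  # unparseable string: needs manual review
    product = m.group(1)
    major, minor, patch, rev, build = map(int, m.groups()[1:])
    branch = (major, minor, patch)
    fixed = FIXED[product]
    if branch in fixed:
        # Same branch: compare revision first, then build date
        return "fixed" if (rev, build) >= fixed[branch] else "vulnerable"
    if branch > max(fixed):
        return "fixed"  # assumption: a newer branch counts as "and later"
    return "unknown"  # branch not covered by the list; check the advisory

def audit(inventory: dict) -> dict:
    """Map each host name to its classification."""
    return {host: classify(fw) for host, fw in inventory.items()}

# Constructed sample inventory (hypothetical hosts and firmware strings)
SAMPLE = {
    "nas-01": "QTS 5.0.0.1891 build 20211221",
    "nas-02": "QTS 4.5.4.1800 build 20210923",
    "nas-03": "QuTS hero h5.0.0.1892 build 20211222",
    "nas-04": "QTS 4.3.6.1831 build 20211019",
    "nas-05": "QuTScloud c5.0.0.1919 build 20220119",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```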

Journalists note that there are already complaints on the Qnap forum from users whose data was encrypted even when using the latest firmware versions. That is, the attackers are likely exploiting a different vulnerability.

Let me remind you that we also reported that eCh0raix ransomware again attacks QNAP NAS, and that QSnatch malware infects thousands of QNAP NAS devices.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
