Deadbolt ransomware is being used to target NAS vendors and customers

Double extortion just got an whole new meaning

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Operators of the dreaded Deadboltransomwareare attacking network-attached storage (NAS) users and NAS manufacturers in equal measure.

In astudytitled “Deadbolt ransomware: nothing but NASty”, Cybersecurity researchers from Group-IB published their analysis of an ongoing ransomware attack campaign being waged against NAS devices built by the Taiwanese manufacturer QNAP.

The attackers are using a zero-day exploit (a never-before-seen vulnerability) in QNAP’s NAS devices to compromise the endpoints and deliver themalwarevariant to small and medium-sized businesses (SMB), schools, and regular consumers.

10 BTC for technical details

In their dealings with victims, Deadbolt’s operators demanded anywhere between 0.03 and 0.05 bitcoin (roughly between $500 and $1,000) in exchange for the decryption key.

However, the researchers also found that the ransomware gang reached out to QNAP itself, and demanded a much higher ransom in exchange for valuable data on their operations.

“For a ransom of 10 BTC ($192,000), the threat actors promised the NAS vendor, QNAP, that they would share all the technical details relating to the zero-day vulnerability that they manipulated, and for 50 BTC ($959,000) they offered to include the master key to decrypt the files belonging to the vendor’s clients who had fallen victim to the campaign,” Group-IB wrote in its report.

These are the best ID theft protection services around

Asustor NAS devices hit by Deadbolt ransomware attack>QNAP NAS devices left encrypted by Deadbolt ransomware

Given that the number of successful attacks on QNAP NAS devices rose almost sevenfold this summer, it’s safe to assume that QNAP kindly declined the offer.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Most of the infections happened in the United States, Germany, and Italy.

While the group behind Deadbolt is trying to extort as much money as possible, the police are hot on their trail, and making good progress on neutralising the threat.

According toInfoSecurity, Dutch police managed to trick the operators into giving away more than 150 decryption keys earlier this month. They did so by quickly withdrawing the payment for the decryption keys, before it was confirmed.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Latest Google Pixel update includes surprise launch of Android 15’s best battery feature