DeadBolt Ransomware: Another Instance of Ransomware Evolution
On June 17, QNAP, the Taiwanese hardware manufacturer, warned its customers about ransomware attacks targeting the company’s NAS (network-attached storage) devices. Following attacks in January, March, and May, the DeadBolt ransomware is once again a looming problem for QNAP devices.
QNAP advises all users to update their operating systems to the latest versions and to follow basic network safety rules: keep NAS devices disconnected from the public Internet, and use a VPN, strong passwords, two-factor authentication, and secure ports. Outdated services and operating systems must be taken out of use.
If DeadBolt does manage to infiltrate a device, QNAP suggests updating the system to the latest version so that the embedded malware removal tool can quarantine the ransom note that obstructs the login page.
DeadBolt is highly automated ransomware that infects systems by exploiting vulnerabilities in the QTS and QuTS hero operating systems. The ransomware operators use AES-128 encryption. They do not go big-game hunting; instead, they compensate for the small ransom amount with the number of victims.
DeadBolt facilitates payment and decryption with a dedicated user interface that decrypts data immediately once a key is entered. The malefactors offer three options: 0.3 bitcoins (around $1,160) to decrypt an individual NAS client’s data, five bitcoins (around $193,000) for information about the vulnerability, provided to the attacked company, or 50 bitcoins (over $1 million) for a master key to decrypt all data on the targeted servers. However, researchers at Trend Micro believe, based on their analysis of the ransomware code, that the master key would not work. Therefore, it is more of a hit-or-miss option for DeadBolt operators.
DeadBolt and similar ransomware target NAS devices like those of QNAP for two reasons. Firstly, the security of those devices is relatively low. Secondly, harvesting smaller payments from many clients of the storage-owning company is more profitable than hunting for a big fish. Moreover, crooks can sell the data they get their hands on, which is an entirely separate profit channel.