The DeadBolt Ransomware
A DeadBolt ransomware attack targeting Asustor NAS devices has been reported by device owners on Reddit and the official Asustor forums. It has been known for some time that DeadBolt is capable of infecting unprotected NAS systems that are connected to the Internet. After previously wreaking havoc on QNAP devices, the same ransomware now appears to have made Asustor its next victim.
Users of Asustor who sync their files from their NAS to a cloud service such as Microsoft OneDrive or Google Drive should disconnect from the cloud service as soon as possible to avoid losing their data.
Asustor hit by DeadBolt Ransomware
Asustor has not commented on the DeadBolt attack. The current recommendation is to unplug the NAS system from the Internet while waiting for Asustor to resolve the issue. Based on the details available so far, it is believed that DeadBolt obtained access through Asustor’s EZ Connect software, which lets users access their network-attached storage systems from anywhere in the world.
Although it is uncertain whether all Asustor NAS devices are susceptible to the DeadBolt attack, there have been comments from users indicating that some models, such as the AS6602T, AS-6210T-4K, AS5304T, AS6102T, or AS5304T, are not infected with the malware. Meanwhile, AS5304T, AS6404T, AS5104T, and AS7004T are among the models that have been attacked.
If you are one of the fortunate owners who have not been infected, it may be a good idea to take some precautionary actions, such as deactivating EZ Connect, automatic updates, and SSH on your computer, as well as blocking all NAS ports on your router and only allowing connections from within your network.
DeadBolt is a ransomware threat that operates in a classical way, and its method of attack has remained mostly unchanged. The attacker gains remote access to the victim’s network-attached storage (NAS), encrypts its data, and then demands payment in bitcoins as a ransom. Each victim is provided with a unique Bitcoin address to which they may send the payment. Once the payment has been processed, the criminal will email the victim the decryption key that will allow him or her to access the contents of the infected NAS system. The criminals are demanding 0.03 bitcoin, which is equal to around $1,154 at today’s market rate.
It’s the same amount of money that the hijackers wanted from their QNAP victims in that attack. Surprisingly, the gang has not approached Asustor with any proposals. By comparison, the gang offered to share vulnerability data with QNAP for five bitcoins ($184,000), or to sell the company the universal decryption master key for 50 bitcoins ($1.85 million), which the company declined.