DeadBolt Ransomware: Another Instance of Ransomware Evolution
On June 17, QNAP, the Taiwanese hardware manufacturer, warned its customers about ransomware attacks targeting the company's NAS (network-attached storage) devices. Following attacks in January, March, and May, the DeadBolt ransomware is an impending problem for QNAP devices again.
QNAP advises all users to update operating systems to their latest versions and follow network safety rules: keep NASs disconnected from the global Internet, and use a VPN, secure passwords, 2-factor authentication, and secure ports. Outdated services and operating systems must be taken out of use.
If DeadBolt does manage to infiltrate a device, QNAP suggests updating the system to the latest version so that the embedded malware removal tool can quarantine the ransom note that obstructs the login page.
DeadBolt is highly automated ransomware that infects systems by exploiting vulnerabilities in the QTS and QuTS hero operating systems. The ransomware operators use AES-128 encryption. They don't go after big game, compensating for the small ransom amount with the number of victims.
DeadBolt facilitates payment and decryption with a special user interface that decrypts data instantly once a key is entered. The malefactors offer three payment options: 0.3 bitcoins (around $1,160) to decrypt an individual NAS client's data, five bitcoins (around $193,000) for information about the vulnerability, provided to the attacked company, or 50 bitcoins (over $1 million) for a master key to decrypt all data on the targeted servers. However, researchers at Trend Micro believe, based on their analysis of the ransomware code, that the master key would not work. Therefore, it is more of a hit-or-miss option for DeadBolt operators.
DeadBolt and similar ransomware target NASs like those of QNAP for two reasons. First, the security of those devices is relatively low. Second, harvesting smaller payments from many clients of the storage-owning company is more profitable than hunting for a big fish. Moreover, crooks can sell the data they get their hands on, which is a totally different profit channel.