Prolific Ransomware Group Targeting NAS Devices To Extort Vendors

By   ISBuzz Team
Writer , Information Security Buzz | Oct 24, 2022 02:13 am PST

It has been reported that a prolific ransomware group targeting network-attached storage (NAS) devices this year monetizes its efforts by extorting both vendors and their end customers, according to a new report. GroupIB’s study, Deadbolt ransomware: nothing but NASty, is based on its analysis of a sample of the malware, which first appeared at the start of the year. In an ongoing campaign, it has targeted NAS devices from Taiwanese vendor QNAP belonging to SMBs, schools, individual home users and others using zero-day vulnerabilities as an initial access/attack vector.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Paul Bischoff
Paul Bischoff , Privacy Advocate
October 24, 2022 10:15 am

NAS devices from a variety of manufacturers have been plagued by vulnerabilities in recent years, ranging from Western Digital to QNAP and Seagate to Synology. NAS devices are especially vulnerable if they don’t automatically update to receive the latest security patches. And because NAS devices are often used for storing important files and backing up sensitive data, they are lucrative targets. Many small organizations use NAS for storage and file sharing, for example. They are often a “set it and forget it” technology, meaning breaches and malware infections can go on for months without the user noticing. Unfortunately, there are very few NAS brands with clean cybersecurity track records. The only way to avoid vulnerabilities being exploited might be to disconnect the NAS device from the internet, which defeats the purpose of owning one.

Last edited 1 year ago by Paul Bischoff

Recent Posts

Would love your thoughts, please comment.x