It has been reported that a prolific ransomware group targeting network-attached storage (NAS) devices this year monetizes its efforts by extorting both vendors and their end customers, according to a new report. Group–IB’s study, Deadbolt ransomware: nothing but NASty, is based on its analysis of a sample of the malware, which first appeared at the start of the year. In an ongoing campaign, it has targeted NAS devices from Taiwanese vendor QNAP belonging to SMBs, schools, individual home users and others using zero-day vulnerabilities as an initial access/attack vector.
NAS devices from a variety of manufacturers have been plagued by vulnerabilities in recent years, ranging from Western Digital to QNAP and Seagate to Synology. NAS devices are especially vulnerable if they don’t automatically update to receive the latest security patches. And because NAS devices are often used for storing important files and backing up sensitive data, they are lucrative targets. Many small organizations use NAS for storage and file sharing, for example. They are often a “set it and forget it” technology, meaning breaches and malware infections can go on for months without the user noticing. Unfortunately, there are very few NAS brands with clean cybersecurity track records. The only way to avoid vulnerabilities being exploited might be to disconnect the NAS device from the internet, which defeats the purpose of owning one.