Experts at cybersecurity firm Censys have warned of a rise in DeadBolt ransomware attacks targeting QNAP network-attached storage (NAS) devices. The company says that more than 1,000 QNAP devices were infected in the last week.
An increase in infections was observed on January 26, affecting almost 5,000 of the 130,000 QNAP devices in use. At the time, QNAP force updated its firmware to stop the infections, thus reducing the number of infections to less than 300 devices.
However, the ransomware resurged in March. The latest wave of attacks has started on March 16, and over the course of three days, Censys observed 869 newly infected services. By March 19, the number of Deadbolt-infected services had risen to 1,146.
“Except for the BTC addresses used to send ransoms to, the attack remains the same: backup files are encrypted, the web administration interface is modified,” the company said, adding that the ransom messages largely remained the same asking 0.030000 BTC (~$1264) for a decryption key.
“At this time, Censys cannot state whether this is a new attack targeting different versions of the QTS operating system, or if it’s the original exploit targeting unpatched QNAP devices. The new infections do not seem to be targeting a specific organization or country, infections seem to be evenly split between various consumer internet service providers,” Censys said.