"Deadbolt Ransomware Extorts Vendors and Customers"

According to researchers at Group-IB, the Deadbolt ransomware group, a prolific group that has targeted network-attached storage (NAS) devices this year, monetizes its efforts by extorting both vendors and their end customers. The researchers stated that in an ongoing campaign, the group has targeted NAS devices from Taiwanese vendor QNAP belonging to SMBs, schools, individual home users, and others, using zero-day vulnerabilities as the initial access vector.

The researchers noted that the threat actors operate globally without discrimination, demanding between 0.03 and 0.05 bitcoin (less than $1000) from end users for a decryption key. However, unusually for ransomware, the group also seeks to extort the NAS vendors themselves. The researchers stated that for a ransom of 10 BTC ($192,000), the threat actors promised the NAS vendor, QNAP, that they would share all the technical details relating to the zero-day vulnerability that they exploited, and for 50 BTC ($959,000) they offered to include the master key to decrypt the files belonging to the vendor's clients who had fallen victim to the campaign. The researchers noted that these efforts to target QNAP do not appear to have succeeded thus far.

A report from last month claimed that Deadbolt infections surged 674% between June and September. A majority of these infections were found in the US, with 2472 hosts showing signs of Deadbolt, followed by Germany (1778) and Italy (1383).

The researchers stated that unlike most ransomware variants today, Deadbolt does not steal data for double extortion purposes, nor do the operators interact with their victims. Once payment is made to the group, the victim automatically receives the decryption key in the transaction details.

 

Infosecurity reports: "Deadbolt Ransomware Extorts Vendors and Customers"

Submitted by Anonymous on