Researchers have observed a spike in cyberattacks by Deadbolt ransomware on Network Attached Storage (NAS) devices. These NAS ransomware attacks are extorting not just the end customers but the NAS vendors.
There has been over a 600% surge in Deadbolt attacks in 2022. The majority of infections have been observed in the U.S. (2,472), Germany (1,778), and Italy (1,383). The ransomware has mostly targeted NAS devices used in schools, homes, and small and medium businesses.
The ransomware operators demand a ransom of around 0.03 and 0.05 Bitcoin (approx. $1,000 or less) from the targeted end users to provide the decryption key to unlock their data. For around 10 Bitcoins (around $192,000), they claim to provide the technical details to the NAS vendor regarding the zero-day vulnerability (CVE-2022-27593), which is abused to target the QNAP NAS devices.
The ransomware group has encrypted over 20,000 devices in its campaign since January 2022. This includes more than 1,000 victims in the Netherlands. The police paid the ransom amount, which resulted in the automated generation of 155 decryption keys. By taking advantage of network congestion, the police cancelled the translation and withdrew payments.