DeadBolt Ransomware encrypts user data on networked QNAP NAS devices using the AES-128 algorithm and then demands a ransom of 0.03 BTC (~$1100) to get the files back. At the same time, the original html page of the NAS devices is replaced with one prepared by ransomware. QNAP force-updated customer's Network Attached Storage (NAS) devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices. The ransom note also sends a message to QNAP that they will release the master key if the QNAP pay them 50 BTC and for 5 BTC they are willing to share how they exploit the vulnerability. All encrypted files are appended with
.deadbolt extension.
DeadBolt (QNAP) Ransomware Signatures
Family: Ransom:Linux/Vigorf.A
MD5: 718ae69788dc752a8db46b0e43e42f13
SHA256: 444e537f86cbeeea5a4fcf94c485cc9d286de0ccd91718362cecf415bf362bcf
DeadBolt (QNAP) Ransomware Download
