International Cyber Expo International Cyber Expo
  • About Us
Sunday, 19 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Deadbolt Ransomware Targets NAS Devices

Earlier today, prolific ransomware group targeting network-attached storage (NAS) devices this year monetizes its efforts by extorting both vendors and their end customers, according to a new report.

by Guru Writer
October 19, 2022
in Cyber Bites
Deadbolt Ransomware Targets NAS Devices
Share on FacebookShare on Twitter

Earlier today, prolific ransomware group targeting network-attached storage (NAS) devices this year monetizes its efforts by extorting both vendors and their end customers, according to a new report.

According to Group-IB’s study, Deadbolt ransomware: nothing but NASty, is based on its analysis of a sample of the malware, which first appeared at the start of the year.

In addition, an ongoing campaign, has targeted NAS devices from Taiwanese vendor QNAP belonging to SMBs, schools, individual home users and others using zero-day vulnerabilities as an initial access/attack vector.

Notably, Group-IB claimed the threat actors operate globally without discrimination, demanding between 0.03 and 0.05 bitcoin (less than $1000) from end users for a decryption key.

Although, unusually for ransomware, the group also seeks to extort the NAS vendors themselves.

“For a ransom of 10 BTC ($192,000), the threat actors promised the NAS vendor, QNAP, that they would share all the technical details relating to the zero-day vulnerability that they manipulated, and for 50 BTC ($959,000) they offered to include the master key to decrypt the files belonging to the vendor’s clients who had fallen victim to the campaign,” the report explained.

However, it doesn’t appear as if these efforts to target QNAP have succeeded thus far. A report from last month claimed that Deadbolt infections surged 674% between June and September.

Further to this, a majority of these infections were found in the US, with 2472 hosts showing signs of Deadbolt, followed by Germany (1778), and Italy (1383).

Although as a result there has been some success in the fight against Deadbolt. Last Friday, Dutch cyber police managed to obtain more than 150 decryption keys for the ransomware by tricking its operators.

It appears that the cops paid via bitcoin, received the keys and then promptly withdrew their payment, leaving them with working decryption keys for 150 victims.

To conclude, unlike most ransomware variants today, Deadbolt does not steal data for double extortion purposes – nor do the operators interact with their victims. Once a payment is made to the group, the victim automatically receives the decryption key in the transaction details, Group-IB explained.

ShareTweet
Previous Post

Global Cops Arrest Dozens Associated with Financial Crime Gang

Next Post

Illusive expands ITDR to remediate Kerberoastable vulnerabilities

Recent News

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

July 17, 2026
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol