Mr.Shehbaz Posted February 22, 2022 Posted February 22, 2022 Asustor NAS owners on Reddit and the official Asustor forums have reported that they've fallen victim to a DeadBolt ransomware attack. DeadBolt has been in the wild for some time now, infecting unprotected NAS systems connected to the Internet. The same ransomware previously wreaked havoc on QNAP devices, and it would appear that Asustor was the next target. DeadBolt's modus operandi hasn't changed much. The attacker remotely slips into the victim's NAS, encrypts the latter's information, and consequently asks for a ransom in bitcoins. Each victim receives a unique Bitcoin address to send the funds. Once the payment goes through, the criminal sends the victim the decryption key to decrypt the files on the infected NAS system. The perpetrators are asking for 0.03 bitcoin, which by today's exchange rate is around $1,154. It's the same sum that the hijackers had demanded from their QNAP victims. Surprisingly, the gang didn't make Asustor any offers. With QNAP, the group had offered to share the vulnerability details with the company for five bitcoins ($184,000) or sell it the universal decryption master key for 50 bitcoins ($1.85 million). Asustor users that synchronize their files from their NAS to a cloud service like Microsoft OneDrive or Google Drive should sever the link as soon as possible. One Redditor commented his infected system pushed the encrypted files to his OneDrive and Google Drive accounts. While he could recover the files from the former, he didn't have any luck with the latter.. Asustor hasn't released a statement regarding the DeadBolt attack. The current guidance is to disconnect the NAS system from the Internet and wait for Asustor's fix. Owners speculate that DeadBolt gained access through Asustor's EZ Connect utility, which allows users to connect to their NAS systems from anywhere around the world. What's funny is that even the live demo of ADM (Asustor Data Master), the operating system for Asustor NAS devices, wasn't saved from the DeadBolt. It's unknown if all Asustor NAS devices are susceptible to the DeadBolt attack as there is user feedback that some models, such as the AS6602T, AS-6210T-4K, AS5304T, AS6102T, or AS5304T, are free of infection. Meanwhile, some affected models include the AS5304T, AS6404T, AS5104T, and AS7004T. Suppose you're one of the lucky owners that didn't get infected. In that case, one Redditor recommends taking some preventative measures, such as disabling EZ Connect, automatic updates, SSH, blocking all NAS ports from your router, and only allowing connections from within your network.
Recommended Posts