If you have an Asustor NAS, shut it down immediately, as DeadBolt ransomware is targeting

Users who have Asustor NAS at home should pay attention. According to foreign media reports, DeadBolt ransomware has set Asustor NAS as the next target, and has even invaded unprotected devices; DeadBolt only recently attacked NAS products of QNAP Technology and asked QNAP to pay 5~50 Bitcoins to redeem user profile.

Foreign media Tom’s hardware reported that Reddit and Asustor official forum users said that Asustor NAS has become a victim of the DeadBolt ransomware attack. DeadBolt’s modus operandi has not changed much. Mostly, it sneaks into the victim’s NAS from a remote location, then encrypts user data and demands bitcoin redemption. Each victim receives a bitcoin address, and after payment is made, the hacker sends the decryption key to unlock the infected NAS system.

The attackers have not yet demanded any ransom from Asustor, but may use the same extortion method as QNAP, which is to pay 5 bitcoins to disclose the details of the attack vulnerability to Asustor for them to fix; another option is to pay 50 bitcoins , the hacker would send a set of universal unlocking passwords to the company, which could deal with all victim users’ NAS devices at once. However, it is understood that some victims received extortion messages demanding 0.03 bitcoins (about $1,154).

Asustor has yet to make a statement about the DeadBolt attack, and the best thing to do now is to shut down the NAS system without connecting to the Internet, and wait for Asustor to fix it. It is unclear if all Asustor NAS devices are affected by DeadBolt, as some users report that some models such as AS6602T, AS-6210T-4K, AS5304T, AS6102T or AS5304T are not infected; other affected models are AS5304T, AS6404T, AS5104T and AS7004T.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s