2 min read

Asustor NAS owners hit by DeadBolt ransomware attack

Graham CLULEY

February 22, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Asustor NAS owners hit by DeadBolt ransomware attack

Owners of Asustor NAS drives have woken up to discover that data they believed was safe and sound on their network storage devices has instead been encrypted by ransomware, and that cybercriminals are demanding a ransom.

Affected Asustor users have been posting on Asustor's support forum about how they discovered their NAS drives have been hit by the DeadBolt ransomware.

The first indication most had that anything untoward had happened was when they were greeted by a message from the DeadBolt ransomware attempting to extort 0.03 bitcoins (approximately US $1140 at current exchange rates) for the promised release of a decryption key.

The message displayed by the DeadBolt ransomware claims that victims were targeted simply because they were using Asustor NAS devices, and put the blame on the vendor's "inadequate security."

While Asustor investigates what is clearly a serious problem, it says it has disabled functionality which can allow remote access to its NAS drives: ASUSTOR EZ-Connect, ASUSTOR EZ Sync, and ezconnect.to.

In addition, the company has published the following recommendations for customers to protect themselves from the DeadBolt ransomware:

  • Change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443.
  • Disable EZ Connect.
  • Make an immediate backup.
  • Turn off Terminal/SSH and SFTP services.

In addition, the company has linked to further advice about how to mitigate the risks of a ransomware attack.

For some, of course, the advice has sadly arrived too late.

Asustor has advised that customers hit by the ransomware attack follow the steps listed below:

  1. Unplug the Ethernet network cable.
  2. Safely shut down your NAS by pressing and holding the power button for three seconds.
  3. Do not initialize your NAS as this will erase your data.
  4. Fill out their details in this online form, so support technicians can make contact with further guidance.

The DeadBolt ransomware attack against Asustor NAS devices comes just one month after QNAP customers were hit by a similar attack.

NAS owners might be wise to defend their devices behind a firewall, safely out of reach of the internet – unless they feel confident that a security vulnerability that could grant access to cybercriminals is not lurking deep inside.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read
Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read