Owners of Asustor NAS drives have woken up to discover that data they believed was safe and sound on their network storage devices has instead been encrypted by ransomware, and that cybercriminals are demanding a ransom.
Affected Asustor users have been posting on Asustor's support forum about how they discovered their NAS drives have been hit by the DeadBolt ransomware.
The first indication most had that anything untoward had happened was when they were greeted by a message from the DeadBolt ransomware attempting to extort 0.03 bitcoins (approximately US $1140 at current exchange rates) for the promised release of a decryption key.
The message displayed by the DeadBolt ransomware claims that victims were targeted simply because they were using Asustor NAS devices, and put the blame on the vendor's "inadequate security."
While Asustor investigates what is clearly a serious problem, it says it has disabled functionality which can allow remote access to its NAS drives: ASUSTOR EZ-Connect, ASUSTOR EZ Sync, and ezconnect.to.
In addition, the company has published the following recommendations for customers to protect themselves from the DeadBolt ransomware:
In addition, the company has linked to further advice about how to mitigate the risks of a ransomware attack.
For some, of course, the advice has sadly arrived too late.
Asustor has advised that customers hit by the ransomware attack follow the steps listed below:
The DeadBolt ransomware attack against Asustor NAS devices comes just one month after QNAP customers were hit by a similar attack.
NAS owners might be wise to defend their devices behind a firewall, safely out of reach of the internet – unless they feel confident that a security vulnerability that could grant access to cybercriminals is not lurking deep inside.