Owners of Asustor NAS devices reported on Reddit and on the official forums of the Asustor manufacturer about the cyberattacks of the DeadBolt ransomware. Earlier, the same ransomware program caused damage to QNAP devices, and the next target was devices from Asustor.
The methods of the DeadBolt operators have not changed much. Attackers remotely infect the victim’s NAS devices, encrypt information and demand a ransom in bitcoins. Each victim receives a unique bitcoin address to send funds to. After payment, the criminal sends the decryption key to the victim to restore files on the infected NAS system. Criminals demand an amount of 0.03 bitcoin (about $1,130 at the current exchange rate).
This is the same amount that the criminals demanded from the affected QNAP customers. DeadBolt tried to sell full information about the alleged zero-day vulnerability of QNAP for 5 bitcoins (about $185 thousand). Cybercriminals were also willing to sell QNAP the master decryption key, which can decrypt all the attacked devices, and provide information about the alleged zero-day vulnerability for 50 bitcoins (approximately $1.85 million). It is noteworthy that the grouping has not made such proposals to Asustor.
As the owners of the devices assume, DeadBolt gained access to NAS storage through the Asustor EZ Connect utility, which allows users to connect to their systems from anywhere in the world.
It is unknown whether all Asustor NAS devices are susceptible to a DeadBolt attack. As reported by some users, the AS6602T, AS-6210T-4K, AS5304T, AS6102T and AS5304T models were not infected.