• Latest
  • Trending
Asustor warns users of Deadbolt ransomware attacks

Asustor warns users of Deadbolt ransomware attacks

February 24, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Asustor warns users of Deadbolt ransomware attacks

by ITECHNEWS
February 24, 2022
in Leading Stories, Tech
0 0
0
Asustor warns users of Deadbolt ransomware attacks

The DeadBolt ransomware is now targeting ASUSTOR NAS devices by encrypting files and demanding a $1,150 ransom in bitcoins.

This wave of attacks was first reported on Reddit and the BleepingComputer forums, and soon after, on the ASUSTOR forums.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

Similar to the DeadBolt ransomware attacks that targeted QNAP NAS devices last month, the threat actors claim to be using a zero-day vulnerability to encrypt ASUSTOR NAS devices.

When encrypting files on an ASUSTOR device, the ransomware will rename the files to include the .deadbolt file extension. The ASUSTOR login screen will also be replaced with a ransom note demanding 0.03 bitcoins, worth approximately $1,150, as shown below.

DeadBolt ransom note on ASUSTOR NAS device
DeadBolt ransom note on ASUSTOR NAS device

While ASUSTOR has not explained how the NAS devices are being encrypted, some ASUSTOR owners believe that it is a vulnerability in the PLEX media server or EZ Connect that allows access to their devices.

ASUSTOR states that they are investigating the attacks and have provided the following statement:

In response to Deadbolt ransomware attacks affecting ASUSTOR devices, the myasustor.com DDNS service will be disabled as the issue is investigated. ASUSTOR will release more information with new developments as we investigate and review the causes to ensure this does not happen again. We remain committed to helping affected customers in every way possible. For your protection, we recommend the following measures:

Change default ports, including the default NAS web access ports of 8000 and 8001, as well as remote web access ports of 80 and 443.

  • Disable EZ Connect.
  • Close Plex Ports and disable Plex.
  • Make an immediate backup.
  • Turn off Terminal/SSH and SFTP services.

Most importantly, do not expose your ASUSTOR device to the Internet to avoid being encrypted by DeadBolt.

If DeadBolt has already infected your device, unplug the Ethernet cable and force-shut down your NAS device by holding the power button for three seconds.

Do not attempt to reboot the NAS, as this will erase all files. Instead, use this contact form to request instructions from ASUSTOR technicians on how to recover your files.

It is unclear if all ASUSTOR devices are vulnerable to DeadBolt attacks, but reports indicate that the AS6602T, AS-6210T-4K, AS5304T, AS6102T, and AS5304T models are unaffected.

Unfortunately, there is no way to recover files encrypted by the DeadBolt ransomware for free, and many affected QNAP users were forced to pay the ransom to recover files.

Recovery firmware to be released today

ASUSTOR is planning to release a recovery firmware today so that users can once again use their NAS devices. However, this firmware update will not help recover any encrypted files.

“We estimate to release a recovery firmware from our support engineers today for users whose NAS is hacked so they can use their NAS again. However, encrypted files can not be recovered unless users have backups,” ASUSTOR wrote to their Facebook page.

Unfortunately, this recovery process will likely remove the ransom note pages and malware executable required to decrypt files if a ransom is paid, which historically caused a lot of issues for QNAP owners.

It is strongly suggested that users backup the index.cgi and ALL YOUR FILES HAVE BEEN LOCKED BY DEADBOLT.html files before running the recovery software.

These files contain the information necessary to pay the ransom and receive a decryption key, which owners can then use with Emsisoft’s decryptor for DeadBolt.

If a ransom is paid, the threat actors will create a bitcoin transaction to the same bitcoin address a ransom was paid that contains the decryption key for the victim. The decryption key is located under the OP_RETURN output, as shown below.

Bitcoin transaction's OP_RETURN output containing decryption key
Bitcoin transaction’s OP_RETURN output containing decryption key

For those who need help with the decryption process or want to see common issues that affected QNAP devices last month, you can review our DeadBolt ransomware support topic.

Demanding 50 bitcoin for a master key

Similar to the attacks on QNAP devices, DeadBolt is attempting to sell information to ASUSTOR about the alleged zero-day vulnerability used to breach NAS devices and the master decryption for all victims.

The DeadBolt ransom note includes a link titled “important message for ASUSTOR,” that when clicked, will display a message from the DeadBolt gang specifically for ASUSTOR.

DeadBolt message for ASUSTOR

On this screen, the DeadBolt threat actors are selling the details of the alleged zero-day vulnerability if ASUSTOR pays them 7.5 Bitcoins, worth $290,000.

The DeadBolt gang is also trying to sell ASUSTOR the master decryption key for all victims and the zero-day details for 50 bitcoins, worth $1.9 million.

“Make a bitcoin payment of 50 BTC to bc1qgeghfv5wll35l5ttangzpjgz82y7lgwcp8se4a,” the threat actors wrote in a message to QNAP.

“You will receive a universal decryption master key (and instructions) that can be used to unlock all your clients their files. Additionally, we will also send you all details about the zero-day vulnerability to security@asustor.com.”

The ransomware operation states that there is no way to contact them other than making the bitcoin payment. However, once payment is made, they say they will send the information to the security@asustor.com email address.

It is doubtful that ASUSTOR will pay the extortion demand, so if the DeadBolt Ransomware encrypted your NAS device, the only way to recover files is to restore from backups or pay the ransom.

Based on last month’s analysis of the ransomware by BleepingComputer, DeadBolt is a Linux malware that uses a template for the ransom note that can be substituted for any vendor, as shown below:

This is not a personal attack. You have been targeted because of the inadequate security provided by your vendor ({VENDOR_NAME}).

Therefore, we will likely see attacks against other NAS manufacturers in the future.

Source: Bill Toulas
Via: bleepingcomputer
Tags: Asustor warns users of Deadbolt ransomware attacks
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version