Tool enables decryption key to work after forced firmware update rendered it useless

A decryption key for the DeadBolt ransomware strain has been released, just days after reports surfaced that QNAP devices were being targeted in a new cyber-attack campaign.

Last week, QNAP network-attached storage (NAS) device users reported being infected with DeadBolt, with Censys estimating that nearly 5,000 out of the 130,000 internet-connected devices “exhibited the telltale signs of this specific piece of ransomware”.

Read more of the latest ransomware news

A screenshot of the ransom note seen by The Daily Swig was asking victims to pay 0.03 bitcoin ($1,125) to start the decryption process and regain access to their files.

Somewhat unusually, the actors behind the campaign also left a note to the vendor, stating that they would provide details of the vulnerability to QNAP if it paid five bitcoin ($187,000).

For 50 bitcoin ($1.8 million), the attackers said they would provide full vulnerability details and a mass decryption key.

Access denied

QNAP customers complained online that the forced firmware update last week also disabled a number of issues and ultimately left them unable to use the decryption key they received following the ransomware payment.

Responding to the criticism on Reddit, a QNAP representative said it did so to try to “increase protection against DeadBolt”.

A tool has now been released by Emsisoft that will enable impacted users to decrypt their infected files.

“Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files,” the company said in its installation guide (PDF).

The Daily Swig has reached out to Emsisoft for further comment.

RECOMMENDED Xerox belatedly addresses web-based printer bricking threat