Group-IB Reports Increasing DeadBolt Ransomware Attacks

Cybersecurity company Group-IB analyzed a sample of the DeadBolt ransomware, to which some Russian universities have already fallen victim. Attackers using DeadBolt demanded a ransom in BTC.

According to Group-IB, the victims of the ransomware are most often small and medium-sized businesses, but experts have also become aware of several attacks on leading Russian universities that use data storage systems (NAS).

In January of this year, some NAS owners discovered encrypted files with the .deadbolt extension. At the same time, Bleeping Computer reported 3,600 infected devices. Since then, reports of DeadBolt ransomware attacks have appeared regularly, and the victim's country has made no difference to the attackers.

DeadBolt encrypts the NAS and demands a ransom both from users and from hardware manufacturers, the latter in exchange for technical information about the vulnerability used in the attack. The ransom amount averages 0.03-0.05 BTC (about $1,000) for users and 10-50 BTC (from $200,000 to $1,000,000) for NAS manufacturers.

After the ransom is paid, the victim automatically receives the decryption key in the transaction details. By October, more than 20,000 devices worldwide had been attacked by the ransomware, according to the Dutch police, which managed to intercept 155 decryption keys.

Group-IB recommends that NAS users take preventive security measures. In particular, experts advise regularly updating the NAS firmware and setting up two-factor authentication for the administrator account.

At the beginning of the year, Group-IB published a report according to which, since 2018, more than 8,000 fake domains have been launched by scammers to lure cryptocurrency traders.

Source: Bits
