DEADBOLT – the ransomware that goes straight for your backups – Naked Security


In January 2021, reports surfaced of a backup-busting ransomware strain called Deadbolt, apparently aimed at small businesses, hobbyists and serious home users.

As far as we can see, Deadbolt deliberately chose a deadly niche in which to operate: users who needed backups and were well-informed enough to make them, but who didn’t have the time or funds to look after those backups as a full-time task, or even as part of a reliable part-time routine.

Many ransomware attacks unfold with cybercriminals breaking into your network, mapping out all your computers, scrambling all the files on all of them in unison, and then changing everyone’s wallpaper to show a blackmail demand along the lines of, “Pay us $BIGVAL and we’ll send you a decryption key to unlock everything.”

For large networks, this attack technique has, sadly, helped numerous audacious criminals to extort hundreds of millions of dollars out of organisations that simply didn’t have any other way to get their business back on track.

Deadbolt, however, ignores the desktops and laptops on your network, instead finding and attacking vulnerable network-attached storage (NAS) devices directly over the internet.

To be clear, the decryption tools delivered by today’s cybercriminals – even when the amount involved is hundreds of thousands or millions of dollars – routinely do a mediocre job. In our State of Ransomware 2021 survey, for example, half of our respondents who paid up nevertheless lost at least a third of their data. In fact, a third of them lost more than half of what they were paying to recover, and a disastrously disappointed 4% paid full price but got nothing back at all.