September 26, 2023

Asustor Network Attached Storage devices are being warned of potential Deadbolt ransomware attack.

Asustor released a warning  that the Deadbolt ransomware was being used in attacks affecting Asustor devices. It announced that the DDNS service will be disabled while the issue is investigated.

The company recommends users change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443. Users should also Disable EZ Connect, make immediate backups, and turn off Terminal/SSH and SFTP services.


For more detailed instructions on protecting your security, please refer to the following link below:

If you find that your NAS has been affected by Deadbolt ransomware, please follow the steps listed below.

1.    Unplug the Ethernet network cable

2.    Safely shut down your NAS by pressing and holding the power button for three seconds.

3.    Do not initialize your NAS as this will erase your data.

4.    Click on the link below for more information and instructions to contact ASUSTOR for help with recovery.

Affected Asustor devices that are internet exposed and running ADM operating systems include the AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T models. 

Users have reported seeing the same ransom messages that were deployed last month when QNAP devices were hit. The Deadbolt ransomware group demanded 0.03 bitcoins (BTC) in exchange for the decryption key. The ransomware group offers to provide the company with information about the alleged zero-day vulnerability they used to attack in exchange for 7.5 BTC. The group is also offering a master decryption key for 50 BTC, worth $1.9 million. 

Leave a Reply

%d bloggers like this: