Asustor was established as a subsidiary of ASUS and is a leading innovator and provider of network attached storage and video surveillance.
On February 21, 2022 Asustor NAS devices worldwide were attacked by the Deadbolt ransomware, encrypting all data stored on the devices. The data included business, personal, and generally irreplaceable information that is important to their owners. The users were asked to pay a 0.03 Bitcoin ransom to (possibly) receive a unencryption key allowing them to re-access their data. In addition, Asustor was asked to pay a 50 Bitcoin ransom to receive a master key allowing all their users to recover their data. Evidence points to malpractice by Asustor as the cause for the attack, since the software provided with their products was kept vulnerable to Deadbolt even though the malware had been targeting other NAS brands for over one month before the attack.
Asustor did not warn their users of a possible attack, nor deployed any automatic security update to their devices, leaving them fully vulnerable. Note that Asustor NAS devices are specifically described as a defense from ransomware attacks, leading the users into a sense of false security and trust of Asustor’s data security efforts.
Asustor has not announced any intention to pay the ransom or otherwise provide a remedy to their customers.
There was a similar class action lawsuit against Target Corporation. Terrell Marshall Law Group filed a class action lawsuit against Target for failing to implement and maintain important security procedures and practices. As a result, a data breach compromised the financial and personal information of customers. Approximately 40 million credit and debit card users who purchased products from Target between November 27 and December 15, 2013 were affected by the data breach.