It is currently Mon Jun 27, 2022 1:48 pm
All times are UTC + 8 hours

Deadbolt ransomware

Backup and data protection discussion at its finest.

Re: Deadbolt ransomware

Postby custommurvin » Sun Jun 19, 2022 3:50 pm

Blockchain services https://owlab.group/services/blockchain-development is one of the new cutting-edge technologies that has brought uniqueness to all industries. This technology allows peer-to-peer transactions when two or more people want to have a common record.
Last edited by custommurvin on Sat Jun 25, 2022 2:09 pm, edited 1 time in total.
custommurvin
 
Posts: 1
Joined: Sun Jun 19, 2022 3:48 pm

Re: Deadbolt ransomware

Postby JHASUSTOR » Sun Jun 19, 2022 3:58 pm

ov2rey wrote:
peribo wrote:Hello everyone!

I updated ADM to the latest version, entered the control panel, but found that many files have an additional .deadbolt extension and do not open.

Can we hope for real help from Asustor in this matter?
Maybe there are some anti-virus programs for the solution?


Best solution disable internet access to your NAS or buy synology nas..


Buying a Synology NAS is exactly what I did and this is exactly what I'm advising my friends and family to do. I share this issue and direct them to this forum so others are well aware of how poorly Asustor is handling this issue - for the second time. I understand the experts amongst us may disagree and blame the end user but I do not write code/program for a living so I depend on reputable and competent companies to critically evaluate their product or offer a concrete solution once an issue is identified. For those defending Asustor and blaming end users, it's akin to blaming the patient if a surgeon performs the procedure sub-optimally. Guess the patient could have watch You-Tube and done it themselves?
JHASUSTOR
 
Posts: 13
Joined: Sun Oct 04, 2020 2:10 am

Deadbolt ransomware STILL

Postby Saltrams » Sun Jun 19, 2022 7:17 pm

I've been ignoring my NAS since the initial hit (February, was it?) Today was supposed to be my clear day for following the published Asustor ADM updating instructions but not only can I not follow them (questions below) but I see people are being hit AGAIN (June 10th someone reported it). So, given the volatility of the situation, I am wondering if I can salvage the situation without exposing the NAS to the Internet at all?

1. I can't even see the ADM screen when I reboot the NAS without any drives in place. The old IP address is unreachable. I found a new IP address from a network map and I get this screen there:
Image

2. Can I connect the NAS directly to my PC to do the update? I have downloaded the latest ADM update 4.0.5.RUE3 and also copied it to USB stick, so I could plug that into the NAS directly but I need to be able to SEE the ADM page somehow. Can I do HDMI to HDMI NAS to PC maybe?

3 months on, still :cry: :evil: :x :(
Saltrams
 
Posts: 62
Joined: Fri Oct 28, 2016 10:44 pm

Re: Deadbolt ransomware STILL

Postby stormzone » Sun Jun 19, 2022 7:56 pm

Saltrams wrote:I've been ignoring my NAS since the initial hit (February, was it?) Today was supposed to be my clear day for following the published Asustor ADM updating instructions but not only can I not follow them (questions below) but I see people are being hit AGAIN (June 10th someone reported it). So, given the volatility of the situation, I am wondering if I can salvage the situation without exposing the NAS to the Internet at all?

1. I can't even see the ADM screen when I reboot the NAS without any drives in place. The old IP address is unreachable. I found a new IP address from a network map and I get this screen there:
Image

2. Can I connect the NAS directly to my PC to do the update? I have downloaded the latest ADM update 4.0.5.RUE3 and also copied it to USB stick, so I could plug that into the NAS directly but I need to be able to SEE the ADM page somehow. Can I do HDMI to HDMI NAS to PC maybe?

3 months on, still :cry: :evil: :x :(



I've exactly the same problem :(
I followed the instructions on the asustor website, but i can't get access to my nas (AS1004T)....
stormzone
 
Posts: 2
Joined: Sun Jun 19, 2022 7:54 pm

Re: Deadbolt ransomware

Postby peribo » Mon Jun 20, 2022 4:39 pm

Do we have lawyers here? How about a class action lawsuit? If Asustor doesn't want to sponsor cyberterrorism, let them hire a codebreaker (decryption specialist) to solve the problem, it might be cheaper. What do you think?
peribo
 
Posts: 3
Joined: Fri Jun 17, 2022 6:13 pm

Re: Deadbolt ransomware

Postby stormzone » Mon Jun 20, 2022 5:53 pm

peribo wrote:Do we have lawyers here? How about a class action lawsuit? If Asustor doesn't want to sponsor cyberterrorism, let them hire a codebreaker (decryption specialist) to solve the problem, it might be cheaper. What do you think?


This sound like a good idea!
stormzone
 
Posts: 2
Joined: Sun Jun 19, 2022 7:54 pm

Re: Deadbolt ransomware

Postby ilike2burnthing » Tue Jun 21, 2022 12:57 am

Trying to break current encryption methods with a supercomputer has you in a race with the heat death of the universe.
ilike2burnthing
 
Posts: 212
Joined: Thu Apr 09, 2020 8:01 pm

Re: Deadbolt ransomware

Postby Pilloso » Wed Jun 22, 2022 5:34 pm

From what I've observed on several Asustor NAS over the past few months, the most likely backdoors are a combination of active FTP, standard ports, and simple passwords.

My personal NAS resisted the first attack but registered over 10,000 FTP login attempts in its events log.
Pilloso
 
Posts: 18
Joined: Tue Feb 02, 2016 6:32 pm

Re: Deadbolt ransomware

Postby exhausted » Thu Jun 23, 2022 3:36 am

3 month AS6604T owner here hit by the second Deadbolt attack.

Coincidentally, I was away from home for a week, which I was using as an opportunity to test out the remote access functionality, with Plex and EZ Connect enabled.

I never actually saw the ransom page though. Once I was home, I went into the NAS the first time in a week since accessing with AiData app remotely, noticed .deadbolt appended to files, Googled, saw the word ransomware, and immediately started to have a severe panic attack.

Before I could calm down enough to even type my way to answers, let alone read anything, I instinctively pulled the ethernet cable, but left the NAS on. I eventually plugged the cable back in, and was able to update ADM through the AiMaster app. It was only then I logged into the ADM web interface, with no issue.

The only thing that kept me from jumping off a bridge was realizing I kept a majority of the files in Dropbox before migration, so I was able to recover most.

As mentioned earlier in the thread, it seems the attack targets specific file types. Unaffected files for me included M4A, GIF, CUE, LOG, MP2, DMG, IMG, EPUB, MOBI.

My only questions now: Is it safe to move/delete affected files? I didn't touch anything on the off chance it could trigger further damage. Ideally I would like to save the few irreplaceable affected files on an external in case of future decryption. Also is anyone sure the seemingly unaffected files are safe to move/use?

If anyone wants to buy a near new AS6604T let me know! I want this thing out of my life.
exhausted
 
Posts: 1
Joined: Thu Jun 23, 2022 3:23 am

Re: Deadbolt ransomware

Postby marp » Thu Jun 23, 2022 1:44 pm

My 2 cents of wisdom. If you are exposing your NAS to the Internet you are just inviting bad guys to poke to your system. So NEVER open it to the internet, regardless on what Assus is tewlling. you. If you do need to acceess it while remote, either add a small small Raspberry Pi and configure a VPN solution on it, such as Wireguard os OpenVPN, or use another solution like ZeroTier-One.

Also, breaking the encryption - if it was done properly - has no chance, so do not waste your time, reformat your disks, restore your data from older backups - if you have it - and learn from this experience.
marp
 
Posts: 14
Joined: Tue Jan 31, 2017 4:48 pm

Previous

Return to Backup and Data Protection

  • You cannot post new topics in this forum
    You cannot reply to topics in this forum
    You cannot edit your posts in this forum
    You cannot delete your posts in this forum
    You cannot post attachments in this forum
  • Who is online

    Users browsing this forum: No registered users and 3 guests