Deadbolt ransomware

Backup and data protection discussion at its finest.

Moderator: Lillian.W@AST

ov2rey
Posts: 26
Joined: Fri Aug 05, 2016 11:13 am

Re: Deadbolt ransomware

Post by ov2rey »

I just finished reconfiguring two NAS...

I am going to add more security settings on my ASUS router and NAS.

Router settings
AiProtection - Enable
DNS - Cloudflare
DNS over TLS - Cloudflare
IPv6 - Cloudflare
Firewall - Enable
DOS - Enable
Disable internet connection on two NAS

NAS settings
Snapshot - daily 12am
Disable all services
Disable Ezconnect
Disable DDNS
Disable registration product
Enable block up 5 times per 1 minute
Change system HTTP & HTTPS Port
Disable Admin account

Hope the above settings won't get me attacked again. It's really a nightmare.
ov2rey
Posts: 26
Joined: Fri Aug 05, 2016 11:13 am

Re: Deadbolt ransomware

Post by ov2rey »

ADM 4.0.5.RUE3

Important Announcement:
In response to ransomware attacks, ADM firmware has been upgraded to fix related security issues.

ASUSTOR strongly recommends taking the following actions to ensure your data is secure:

Change your password.
Use a strong password.
Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
Turn off Terminal/SSH and SFTP services and other services you do not use.
Make regular backups and ensure backups are up to date.
Keep your ASUSTOR NAS up to date as updates provide security fixes.

Click here to read more about how to protect your data from ransomware.


If you've been affected by ransomware, please visit https://www.asustor.com/knowledge/detail/?group_id=630 to read more about how to update ADM.


Change log:
Fix security vulnerabilities.
Improved multilingual strings.
ztoti
Posts: 2
Joined: Wed Jun 15, 2022 9:32 pm

Re: Deadbolt ransomware

Post by ztoti »

I have a question for someone with more experience. I was affected with Deadbolt and here is what I did:
1. Disconnect the network cable from my router
2. Disconnect WiFi from my laptop
3. Plug the network cable to my laptop
4. I saw the NAS on my laptop's network, I opened the folders and what I saw was that some files were not compromised (such as SolidWorks files, Altium files...)
5. I tried to copy these files to my laptop, to save them, but the laptop started to work so slowly and I disconnected the network cable.

My question is: did I get Deadbolt from my NAS, is my laptop infected now?
Thank you.
Lexx
Posts: 3
Joined: Thu Jun 16, 2022 2:11 am

Re: Deadbolt ransomware

Post by Lexx »

ztoti wrote:I have a question for someone with more experience. I was affected with Deadbolt and here is what I did:
1. Disconnect the network cable from my router
2. Disconnect WiFi from my laptop
3. Plug the network cable to my laptop
4. I saw the NAS on my laptop's network, I opened the folders and what I saw was that some files were not compromised (such as SolidWorks files, Altium files...)
5. I tried to copy these files to my laptop, to save them, but the laptop started to work so slowly and I disconnected the network cable.

My question is: did I get Deadbolt from my NAS, is my laptop infected now?
Thank you.
Just your NAS that has its files encrypted.
Jonezfin
Posts: 1
Joined: Thu Jun 16, 2022 8:43 pm

Re: Deadbolt ransomware

Post by Jonezfin »

So is there any good instruction to search RAID 5 to save files, other than booting the ASUSTOR from USB Linux? I think if I do it the Asus way it continues encrypting in the background, am I right?
ztoti
Posts: 2
Joined: Wed Jun 15, 2022 9:32 pm

Re: Deadbolt ransomware

Post by ztoti »

Pilloso wrote: Hello, I followed the solution from Asustor:
https://www.asustor.com/en-gb/knowledge ... oup_id=630

Everything seems fine, but how can I be sure the NAS is clean of viruses?
Is it enough to update ADM, disable services and change ports?
I followed the solution as well, but I can't get the initialization page. My server is stuck without HDD on a black screen forever. What should I do?

Thanks
peribo
Posts: 3
Joined: Fri Jun 17, 2022 6:13 pm

Re: Deadbolt ransomware

Post by peribo »

Hello everyone!

I updated ADM to the latest version, entered the control panel, but found that many files have an additional .deadbolt extension and do not open.

Can we hope for real help from Asustor in this matter?
Maybe there are some anti-virus programs for the solution?
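
An added example, not part of the original posts: a read-only inventory of a share that separates files carrying the `.deadbolt` extension mentioned above from files that still have their original names, grouped by top-level folder so the intact ones can be copied off first. It assumes the volume is mounted on a clean machine; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".deadbolt"  # extension reported by posters in this thread

def inventory(root):
    """Walk root without modifying it; group files by top-level folder."""
    root = Path(root)
    report = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        rel_dir = Path(dirpath).relative_to(root)
        top = rel_dir.parts[0] if rel_dir.parts else "."
        bucket = report.setdefault(top, {"encrypted": [], "intact": []})
        for name in sorted(files):
            # Match case-insensitively so renamed variants are not missed.
            kind = "encrypted" if name.lower().endswith(MARKER) else "intact"
            bucket[kind].append((rel_dir / name).as_posix())
    return report

def triage(report):
    """Rows of (folder, encrypted, intact); folders with most intact files first."""
    rows = [(top, len(b["encrypted"]), len(b["intact"])) for top, b in report.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

def build_sample(root):
    """Constructed sample tree (not real data) mimicking a partly encrypted share."""
    for rel in ["Projects/board.SchDoc", "Projects/cad/part.SLDPRT",
                "Photos/a.jpg.deadbolt", "Photos/b.JPG.DEADBOLT",
                "Photos/c.jpg", "notes.txt.deadbolt"]:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, enc, ok in triage(inventory(tmp)):
            print(f"{folder:10} encrypted={enc:3} intact={ok:3}")
```

The extension only shows which files were renamed; a file listed as intact should still be opened and checked after it has been copied off.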
ov2rey
Posts: 26
Joined: Fri Aug 05, 2016 11:13 am

Re: Deadbolt ransomware

Post by ov2rey »

peribo wrote:Hello everyone!

I updated ADM to the latest version, entered the control panel, but found that many files have an additional .deadbolt extension and do not open.

Can we hope for real help from Asustor in this matter?
Maybe there are some anti-virus programs for the solution?
Best solution: disable internet access to your NAS or buy a Synology NAS.
peribo
Posts: 3
Joined: Fri Jun 17, 2022 6:13 pm

Re: Deadbolt ransomware

Post by peribo »

ov2rey wrote:
peribo wrote:Hello everyone!

I updated ADM to the latest version, entered the control panel, but found that many files have an additional .deadbolt extension and do not open.

Can we hope for real help from Asustor in this matter?
Maybe there are some anti-virus programs for the solution?
Best solution: disable internet access to your NAS or buy a Synology NAS.

This is clear. Are there options for decrypting the affected files?
JHASUSTOR
Posts: 13
Joined: Sun Oct 04, 2020 2:10 am

Re: Deadbolt ransomware

Post by JHASUSTOR »

ov2rey wrote:
peribo wrote:Hello everyone!

I updated ADM to the latest version, entered the control panel, but found that many files have an additional .deadbolt extension and do not open.

Can we hope for real help from Asustor in this matter?
Maybe there are some anti-virus programs for the solution?
Best solution: disable internet access to your NAS or buy a Synology NAS.
Buying a Synology NAS is exactly what I did and this is exactly what I'm advising my friends and family to do. I share this issue and direct them to this forum so others are well aware of how poorly Asustor is handling this issue - for the second time. I understand the experts amongst us may disagree and blame the end user but I do not write code/program for a living so I depend on reputable and competent companies to critically evaluate their product or offer a concrete solution once an issue is identified. For those defending Asustor and blaming end users, it's akin to blaming the patient if a surgeon performs the procedure sub-optimally. Guess the patient could have watched YouTube and done it themselves?