Has anyone heard about the ransomware thats happened for Synology lately?
Wondering what the situation is for Asustor, are we on the same boat and vulnerable?
Thanks
N
Ransomware
- Kapitein Haak
- Posts: 333
- Joined: Tue Oct 15, 2013 2:40 pm
- Location: Stranded on the Dutch coast.
Re: Ransomware
Yes, i've seen multiple sites reporting on this. As it seems to be unknown how the Synology's are attacked you cannot be certain if your Asustor is save. The only secure network device is a device with it's network cable unplugged...
There are reports which seem to indicate that heartbleed is to blame (this is where Asustor NASses would be safe) and only Synology's with old firmware are attacked. The ransomware seems to work like it's pc counterpart (cryptolocker if I recall correctly). The files on your NAS are encrypted by the NAS itself and are unrecoverable unless you have the private key.
I was just about to add a feature request to Asustor: add an option similar to GeoIP on the Synology. Blocking access to all countries except the ones with lower risk (and at least the one you live in )
Best regards,
Kapitein Haak.
There are reports which seem to indicate that heartbleed is to blame (this is where Asustor NASses would be safe) and only Synology's with old firmware are attacked. The ransomware seems to work like it's pc counterpart (cryptolocker if I recall correctly). The files on your NAS are encrypted by the NAS itself and are unrecoverable unless you have the private key.
I was just about to add a feature request to Asustor: add an option similar to GeoIP on the Synology. Blocking access to all countries except the ones with lower risk (and at least the one you live in )
Best regards,
Kapitein Haak.
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
-
- Posts: 13
- Joined: Fri May 02, 2014 5:51 am
Re: Ransomware
Hi Kapitein,
Thanks for the quick reply!
I guess I'll have to restrict my NAS from the outside world till when ever i guess and just have it within the house.
But probably be good if Asustor had some reply on this or some feedback....
Thanks
N
Thanks for the quick reply!
I guess I'll have to restrict my NAS from the outside world till when ever i guess and just have it within the house.
But probably be good if Asustor had some reply on this or some feedback....
Thanks
N
- mafredri
- Posts: 371
- Joined: Sat Mar 22, 2014 8:41 am
Re: Ransomware
If you're worried, your best bet is to minimize the points of attack. For example, the only service I expose to the outside world is the OpenVPN server, only when connected can I access my other services. Personally I doubt anybody will be able to exploit it, and I doubt anyone has enough incentive to try to target me specifically . For added security you might try obfuscation (e.g. changing the port number to a non-default port).
Just because some Synology systems are vulnerable doesn't mean your ASUSTOR is.
Just because some Synology systems are vulnerable doesn't mean your ASUSTOR is.
Hi, I'm new here. Looking to be active in the community and help with development .
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
-
- Posts: 1
- Joined: Sat Oct 29, 2016 12:33 am
Re: Ransomware
It seems that number of ransomware will grow without ending, the latest version of this infection named Thor have already attacked several thousands computers in Germany, the only tool I could found here but I am not sure that it is real..