How to protect your TNAS from Deadbolt ransomware?

Official announcements and latest news, awards from medias, and sucess stories.
User avatar
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Re: How to protect your TNAS from Deadbolt ransomware?

Post by titanrx8 »

TM220user wrote: 21 Jun 2022, 19:43 chourmovs wrote:
>
>
> Yes if you power on it should continue to encrypt
> You have to reinstall/update system to fix this


Well, it looks like I just tripped the activation of mine starting to encrypt (was doing a reboot to add a SSD).
After the reboot, I no longer had access to any of my user accounts (including my 'admin' account that was setup under the new "protection" supposedly offered by the 4.2.30+ OS 'improvements' LMAO. What a farce.

I was running 4.2.32-2203011626 according to the screenshot I took literally before rebooting. (it was up for 36 days before this morning, so whatever happened, happened RECENTLY, and on the current TOS.)

I had NO access allowed to anything publicly. I only access it LOCALLY. (And most of those options were supposed to be disabled [by me]: for example: UPnP, SMB, FTP, WebDAV, RSync, etc)
So I *thought* I had everything locked down pretty well... The only way I can see it being accessible is via whatever backdoor TerraMaster themselves built in (for things like phoning home to check for software updates, or for them to access our machine to 'assist' in whatever problem arises via their support team we see so often mentioned; "contact our support team so they can have a look...")

Anyways, the reason I'm writing is to say that even the current TOS 'os' is NOT SECURED YET against getting locked out of your system and having files encrypted.

I've about had my fill of this "OS".
Sorry to hear this. If you were running btrfs with snapshots you might be able to roll back to a time period prior to crypto. Others have reported this to work.

Initially, when these cryptos were attacking other NAS brands I bought and installed a standalone firewall. I had previously written rules for the TNAS Firewall that prevented all remote access but noticed that it took several minutes after bootup before the firewall rules were activated. This seemed too risky to me so added the external firewall. This way, all remote traffic has to hit the firewall first. Using the TOS firewall rules, the attacking packets are already on your network and it's up to TOS to reject them.

Your suspicion about phone home possibilities are correct. My Firewall blocks numerous outbound flows from my TOS servers everyday. My Firewall blocks everything to or from the TOS machines that isn't local.
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: How to protect your TNAS from Deadbolt ransomware?

Post by TMroy »

{L_BUTTON_AT}TM220user

Although you write a lot, you provide almost no helpful information.

For example:
1. what is your model number?
2. how do you know your files are being encrypted?
3. did you see any pop-up menu that guide you to pay the ransom?This is the important thing ransomware asks for.
4. what is the name of the ransomware?

I can't tell if the issue you're facing is caused by a ransomware attack or a system glitch.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
TM220user
Posts: 18
Joined: 01 Mar 2022, 23:08

Re: How to protect your TNAS from Deadbolt ransomware?

Post by TM220user »

{L_BUTTON_AT}TM220user
TMroy wrote: 22 Jul 2022, 10:31 Although you write a lot, you provide almost no helpful information.
Rest assured, the feeling is mutual. Especially when someone asks you a specific question, which you do not answer. It took weeks, but I managed to get my unit back online thanks.
F2-220 (x86 flavored!)
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: How to protect your TNAS from Deadbolt ransomware?

Post by TMroy »

{L_BUTTON_AT}TM220user

Sorry to leave you such a feeling, we will move forward to be better, keep pushing us.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
powerQ
Posts: 65
Joined: 03 Dec 2019, 19:06

Re: How to protect your TNAS from Deadbolt ransomware?

Post by powerQ »

oooh, really? I did not find such a report in this forum recently, maybe I missed them? Anyway, I made a backup to a USB drive with USB copy that releases my stress a lot.
F4-221 TOS 5.1.34 (SAMSUNG 250 SSD x1, WD Red 8TB x 1, Single drive)
F2-423 TOS 5.1.34 RAID1(12TB IronWolf x 2)
Post Reply