How to protect your TNAS from Deadbolt ransomware?

titanrx8
Posts: 184
Joined: 17 Jul 2020, 06:17

Re: How to protect your TNAS from Deadbolt ransomware?

Post by titanrx8 » 22 Jul 2022, 06:59

TM220user wrote:
21 Jun 2022, 19:43
> chourmovs wrote:
> > Yes if you power on it should continue to encrypt
> > You have to reinstall/update system to fix this
>
> Well, it looks like I just tripped the activation of mine starting to encrypt (was doing a reboot to add an SSD).
> After the reboot, I no longer had access to any of my user accounts (including my 'admin' account that was set up under the new "protection" supposedly offered by the 4.2.30+ OS 'improvements'). LMAO. What a farce.
>
> I was running 4.2.32-2203011626 according to the screenshot I took literally before rebooting. (It was up for 36 days before this morning, so whatever happened, happened RECENTLY, and on the current TOS.)
>
> I had NO access allowed to anything publicly. I only access it LOCALLY. (And most of those options were supposed to be disabled [by me], for example: UPnP, SMB, FTP, WebDAV, RSync, etc.)
> So I *thought* I had everything locked down pretty well... The only way I can see it being accessible is via whatever backdoor TerraMaster themselves built in (for things like phoning home to check for software updates, or for them to access our machine to 'assist' in whatever problem arises via their support team we see so often mentioned; "contact our support team so they can have a look...")
>
> Anyways, the reason I'm writing is to say that even the current TOS 'os' is NOT SECURED YET against getting locked out of your system and having files encrypted.
>
> I've about had my fill of this "OS".

Sorry to hear this. If you were running btrfs with snapshots you might be able to roll back to a time period prior to crypto. Others have reported this to work.

Initially, when these cryptos were attacking other NAS brands, I bought and installed a standalone firewall. I had previously written rules for the TNAS Firewall that prevented all remote access but noticed that it took several minutes after bootup before the firewall rules were activated. This seemed too risky to me, so I added the external firewall. This way, all remote traffic has to hit the firewall first. Using the TOS firewall rules, the attacking packets are already on your network and it's up to TOS to reject them.

Your suspicion about phone-home possibilities is correct. My Firewall blocks numerous outbound flows from my TOS servers every day. My Firewall blocks everything to or from the TOS machines that isn't local.
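
An added example, not part of the original posts: one way to review what an external firewall logs for the NAS, listing every logged flow between a NAS host and a non-local peer. It assumes the firewall writes netfilter-style `LOG` lines; the NAS address, LAN prefix, log prefix and sample lines are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: placeholder NAS address and LAN prefix; adjust to your network.
NAS_HOSTS = {ipaddress.ip_address("192.168.1.50")}
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def nas_nonlocal_flows(lines):
    """Count logged packets between a NAS host and any non-local peer.
    Keys are (direction, peer, proto, dport)."""
    flows = Counter()
    for line in lines:
        f = {}
        for k, v in FIELD.findall(line):
            f.setdefault(k, v)  # first match wins: ICMP errors embed a second header
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or a truncated one
        if src in NAS_HOSTS and not is_local(dst):
            key = ("outbound", str(dst))
        elif dst in NAS_HOSTS and not is_local(src):
            key = ("inbound", str(src))
        else:
            continue  # LAN-only traffic, or a host that is not the NAS
        flows[key + (f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return flows

# Constructed sample lines using documentation address ranges, not real traffic.
HDR = "Jul 22 06:01:02 fw kernel: nas-guard "
SAMPLE = [
    HDR + "IN=lan OUT=wan SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=51514 DPT=443",
    HDR + "IN=lan OUT=wan SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=51516 DPT=443",
    HDR + "IN=lan OUT=wan SRC=192.168.1.50 DST=198.51.100.7 PROTO=UDP SPT=123 DPT=123",
    HDR + "IN=wan OUT=lan SRC=198.51.100.99 DST=192.168.1.50 PROTO=TCP SPT=40000 DPT=443",
    HDR + "IN=lan OUT=lan SRC=192.168.1.20 DST=192.168.1.50 PROTO=TCP SPT=50000 DPT=445",
    HDR + "IN=lan OUT=wan SRC=192.168.1.20 DST=203.0.113.10 PROTO=TCP SPT=50002 DPT=443",
    "Jul 22 06:01:03 fw dhcpd: lease renewed",
]

if __name__ == "__main__":
    for (direction, peer, proto, dport), n in nas_nonlocal_flows(SAMPLE).most_common():
        print(f"{n:4d}  {direction:8s} {peer:15s} {proto}/{dport}")
```

Run against the firewall's own log, the outbound rows show where the NAS tries to connect and the inbound rows show what reached the perimeter for it.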

TMroy
Customer Service
Posts: 2003
Joined: 10 Mar 2020, 14:04

Re: How to protect your TNAS from Deadbolt ransomware?

Post by TMroy » 22 Jul 2022, 10:31

@TM220user

Although you write a lot, you provide almost no helpful information.

For example:
1. What is your model number?
2. How do you know your files are being encrypted?
3. Did you see any pop-up menu that guides you to pay the ransom? This is the important thing ransomware asks for.
4. What is the name of the ransomware?

I can't tell if the issue you're facing is caused by a ransomware attack or a system glitch.
To contact our team, please send an email to the following addresses, remembering to replace (at) with @:
Technical team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)

TM220user
Posts: 14
Joined: 01 Mar 2022, 23:08

Re: How to protect your TNAS from Deadbolt ransomware?

Post by TM220user » 24 Jul 2022, 23:01

TMroy wrote:
22 Jul 2022, 10:31
> @TM220user
> Although you write a lot, you provide almost no helpful information.

Rest assured, the feeling is mutual. Especially when someone asks you a specific question, which you do not answer. It took weeks, but I managed to get my unit back online, thanks.
F2-220 (x86 flavored!)