Urgent Notification about TNAS being Attacked by Ransomware

Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

TMroy wrote:
>
What, the same tech team that thought this kind of coding was acceptable?
Can I ask what Quality Control you have on coding? Do you run any penetration testing? Look for vulnerabilities etc?

In the last couple of months your "tech team" released code that stopped the NAS fans working and had allowed an OS which allowed Remote Code Execution so easily a child could do it.

I suspect you need a new "Tech team", or better leadership.
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by TMroy »

As you can see from the article, the encryption key of php has been cracked. This was something they didn't expect. They are rushing to make new, safer solutions.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
KHnats
Posts: 6
Joined: 06 Jul 2021, 23:04

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by KHnats »

So sorry for all the users that got infected and lost their data. I know how it feels, I was victim of the ransomware attack on 26 Dec 2020...

I have said it then and I will state it again, these devices only become 'safish' when behind a third party firewall. Hackers will keep on finding exploits and despite all the safety measures implemented by TerraMaster, I don't think it is a good idea to rely on software of one device only, especially when it is built by developers with experience in building shared drives, not firewalls and security. I am using Firewalla, which is built by guys who came from CISCO, but there are others too. Point is, you should protect your network with a device built by people who understand security.

Also, fix your DNS to 1.1.1.2 and 1.0.0.2 or 1.1.1.3 and 1.0.0.3 as this will help to block malware on a DNS level. It is always good to have this in use on your whole network.

Aim for the following when you set up your firewall:

1. All ports closed - better is all ports stealth as it will delay the ping and use up resources of the hacker and the software they use is likely programmed to not.
2. Separate your network and terramaster network, and define what is allowed and when.
3. Apply ZERO-trust, only allow TerraMaster to reach verified safe domains and IPs.
4. Disable what you don't need.
5. Don't allow access from the internet to your device, allow access from Intranet only. Use the VPN of the firewall to get access.
6. Backup to at least two other places

I have a question for @TMROY. Backblaze backup seems to be malfunctioning and I have tried everything to get it to work, but it seems there may be some issue. I know you are all very busy to solve the attack, but backup is an important part of staying safe. I think your team may want to have a look. I have seen several complaints on this forum and I too cannot get backblaze to work anymore.

Thanks.
REBELinBLUE
Posts: 29
Joined: 05 Dec 2021, 06:37

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by REBELinBLUE »

TMroy wrote:
> As you can see from the article, the encryption key of php has been
> cracked. This was something they didn't expect. They are rushing to make
> new, safer solutions.

Sorry Tmroy but the "encryption key" is nothing of the sort and security through obscurity is not security, hoping PHP can't see the code is not security, people can't see the code of Windows but it used to constantly get attacked. Running Nginx and PHP as the root user and then passing user input to shell_exec with absolutely no validation is terrible software engineering.

Given what the code looked like when I looked at it I would be surprised if there are any unit, integration or functional tests and even more surprised if there was any penetration testing at all.
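
Added example, not part of REBELinBLUE's post and not TerraMaster's code: the pattern the post criticises (user input concatenated into `shell_exec`) beside a hardened form, using a hypothetical ping diagnostic. The function names and sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical ping diagnostic; all names are illustrative, not TOS code.

// Pattern criticised in the post: request data concatenated into a shell command line.
function ping_unsafe(string $host): ?string
{
    $out = shell_exec('ping -c 1 ' . $host); // the shell parses ; | $() found in $host
    return is_string($out) ? $out : null;
}

// Allow-list validation: accept only an IP literal or a well-formed hostname.
function validate_host(string $host): ?string
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    // FILTER_FLAG_HOSTNAME also rejects a leading "-", which blocks option injection.
    if (filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return $host;
    }
    return null;
}

function ping_safe(string $host): string
{
    $valid = validate_host($host);
    if ($valid === null) {
        throw new InvalidArgumentException('rejected host value');
    }
    // Array form (PHP 7.4+) executes ping directly, so no shell sees the argument.
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ping', '-c', '1', $valid], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ping');
    }
    $out = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Constructed inputs; only the validator runs here, nothing is executed.
foreach (['192.0.2.10', 'nas.example.com', '127.0.0.1; echo injected', '$(echo injected)'] as $s) {
    printf("%-26s %s\n", $s, validate_host($s) === null ? 'rejected' : 'accepted');
}
// Running the web stack as root turns any injection into full device compromise.
if (function_exists('posix_geteuid') && posix_geteuid() === 0) {
    error_log('warning: running as root; use an unprivileged service account');
}
```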
REBELinBLUE
Posts: 29
Joined: 05 Dec 2021, 06:37

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by REBELinBLUE »

"...hoping PHP can't see the code..." should have been "...hoping people can't see the code..."
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by titanrx8 »

With respect to the #8 recommendation regarding the admin account:
8. Disable the system default admin account, re-create a new admin account, and set an advanced password;
Note: For versions after TOS 4.2.09, you can set the administrator account without using the default admin username when installing the system. If it was upgraded from a version before TOS 4.2.09, you need to install a new version of the system, then you can customize the user name.

I did a full new install to get the latest TOS on one of my TNAS systems. The first instruction is to backup the config file. During setup I created an alternate admin account as stated in #8 above. Once the system was rebooted and logged in as the new admin, I restored the config file and it also changed the admin account back to admin and my alternate was gone.

Short of doing the full new TOS install again and then manually re-creating all of my settings, how can I set up the alternate admin account and disable the default admin account?
titan5
Posts: 29
Joined: 10 Mar 2021, 14:28

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by titan5 »

TMroy wrote:
> As you can see from the article, the encryption key of php has been
> cracked. This was something they didn't expect. They are rushing to make
> new, safer solutions.

Hopefully the patch/fix will be quicker than the TOS 5 roll-out (and better security in TOS 5 when rolled out).
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by TMSupport »

KHnats wrote: 17 Jan 2022, 00:44
> I have a question for @TMROY. Backblaze backup seems to be malfunctioning and I have tried everything to get it to work, but it seems there may be some issue. I know you are all very busy to solve the attack, but backup is an important part of staying safe. I think your team may want to have a look. I have seen several complaints on this forum and I too cannot get backblaze to work anymore.
>
> Thanks.

Please report backblaze issue you encounter to us and we will verify it.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by TMSupport »

titanrx8 wrote: 17 Jan 2022, 03:53
> With respect to the #8 recommendation regarding the admin account:
> 8. Disable the system default admin account, re-create a new admin account, and set an advanced password;
> Note: For versions after TOS 4.2.09, you can set the administrator account without using the default admin username when installing the system. If it was upgraded from a version before TOS 4.2.09, you need to install a new version of the system, then you can customize the user name.
>
> I did a full new install to get the latest TOS on one of my TNAS systems. The first instruction is to backup the config file. During setup I created an alternate admin account as stated in #8 above. Once the system was rebooted and logged in as the new admin, I restored the config file and it also changed the admin account back to admin and my alternate was gone.
>
> Short of doing the full new TOS install again and then manually re-creating all of my settings, how can I set up the alternate admin account and disable the default admin account?

Hi! The administrator user of original system configuration was admin, which overwrites your newly created administrator. Currently you can only set a new administrator in the initialization interface, and you can reset the system configuration to return to the initialization interface.
KHnats
Posts: 6
Joined: 06 Jul 2021, 23:04

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by KHnats »

TMSupport wrote:
> KHnats wrote:
> > I have a question for @TMROY. Backblaze backup seems to be malfunctioning
> > and I have tried everything to get it to work, but it seems there may be
> > some issue. I know you are all very busy to solve the attack, but backup is
> > an important part of staying safe. I think your team may want to have a
> > look. I have seen several complaints on this forum and I too cannot get
> > backblaze to work anymore.
> >
> > Thanks.
>
> Please report backblaze issue you encounter to us and we will verify it.

I receive an "operation failed!" message on two different TerraMaster F221 drives. This message occurs when I use the native Backblaze B2 app and when using the Duple Backup app. It seems to be happening when making a new connection. Connections that I had previously successfully established seemed to be working, but new connections cannot be established. I am behind a firewall, but for making the connection I had switched off the firewall for the TerraMaster drives completely. Backblaze in itself is whitelisted as a service and the IP addresses listed by backblaze are all allowed for outbound traffic anyway - https://help.backblaze.com/hc/en-us/art ... dress-List.
Thank you for looking into this.