Urgent Notification about TNAS being Attacked by Ransomware

Official announcements and latest news, awards from media, and success stories.
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by TMSupport »

@xmal99
System error, please try to reinstall the system.
To contact our team, please send an email to the following addresses; remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

xmal99 wrote:
> Hello!
> Like a lot of people here, I've been attacked by deadbolt. I was lucky to see
> this and interrupt the encryption process before my photos had been
> modified. So only non-essential docs have been encrypted.
> I used the process number 1 to restart my NAS: Backup config + reset
> factory.
> But I have the following problem I can't understand and correct. On every
> page, every popup, on the left screen with name/Net info and resources
> info, even in the background of the main screen just above the time &
> date, I have this message:
> Warning: syntax error, unexpected '=' in /etc/.default.sys on line 4 in
> /usr/www/include/class/func.class.php on line 491
>
> And in the control panel / update and recovery, I can't do reset or
> recovery anymore. Here is a screenshot.
> By the way, the NAS is really online but the NAS tells me offline since this
> problem. Perhaps it's only a config problem since reset for the offline
> trouble.
>
> Here is a screenshot very clear of my problem:
> https://postimg.cc/w1GYw1TW
>
> Thanks for your help!

Hello, what I recommend is to talk to the TerraMaster online support; they will help you. Definitely.
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

Today I received a very curious connection attack to a camera. hahaha The Anti-Scan Defender stopped it completely. LOL

Here is the test. The attack comes through a proxy. ha ha

IP Address-Already Blocked: ✔️ 64.227.112.120

Deny Host-Web Attack: 💥〰︎〰 http://64.227.112.120

Detecting Scanning Warning URL: ⛔

http://24.105.75.221:80/onvif/index

Reference.
Tip: Click a model to generate a URL for your camera

https://www.ispyconnect.com/camera/china

0000, 002hit, IPCAM P2P, Other FFMPEG

http:// videostream.asf?user=[USERNAME]&pwd=[PASSWORD]&resolution=64&rate=0

They want the user pass hahaha

My Anti-Scan Defender paralyzes everything.

The Anti-Scan Defender
http://larry.serveftp.com/ayuda/
arch_edgoce7
Posts: 1
Joined: 06 Feb 2021, 17:15

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by arch_edgoce7 »

Hi All,
I'm not a very techy person and I was hit by deadbolt encrypting 90% of around 4 TB of work-related data, 10 years of work and 15 years of memories in the form of videos and photos. Since I am not really an IT person, I have not set up a good backup. The time I learned this, I just shut down my NAS, and did not connect it to the internet again. I've been unemployed close to one year now due to the pandemic and I don't have the funds to pay the ransom.

For those who've gone through this ordeal, can somebody shed some light on this:

1. Is there a time limit given to decrypt the deadbolted files (say 24, 48 hours)?
2. Is the 3d digit key unique for each case, or can it be re-used by other users?
If so, have you found somebody generous enough to share the key they got, that might work for others?
3. Has TNAS released yet a fix to decrypt the files bypassing the key
and a fix to avoid this in the future?

I am really begging anyone here generous who can help me decrypt my files as this is my only source of livelihood.

God bless your heart.
Edd
Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

arch_edgoce7 wrote:
>
Hi Edd,

I hope things start looking up for you soon. Hang in there, the tide goes out but it does come back in.
1. No, there doesn't appear to be a time limit
2. It's probably unique for each NAS hit
3. No news of any fix from QNAP, although there are people working on something. Watch this for more: https://www.youtube.com/watch?v=REsWAfHiW6g

Charlie
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

> God bless your heart.
> Edd


What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is not a scan, this is an attempt to infest my TNAS.

Here I leave the evidence.
QNAP
http://114.32.61.59:9119/cgi-bin/

Logo in my System. Anti Scan Defender

IP Address-Already Blocked: ✔️ 114.32.61.59

Deny Host-Web Attack: 💥〰︎〰 http://114-32-61-59.hinet-ip.hinet.net

attempt to enter to infest my TNAS.
Detecting Scanning Warning URL: ⛔
http://larry.serveftp.com/db/db-admin/index.php?lang=en

If you want to detect or protect your TNAS, this is the page; contact me on Telegram for help.
https://t.me/terramasters
Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

LaMosca wrote:
>
Update your QTS, that's an out of date build. Go to at least 4.5.4 or even better 5.0
Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

LaMosca wrote:

> What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is
> not a scan, this is an attempt to infest my TNAS.

QTS 4.3.6 is over 3 years old (28/03/2019), and you’re using 4.3.3!!! So that's even older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and more)…

https://www.qnap.com/en-uk/download?mod ... y=firmware
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

Charlie_Croker wrote:
> LaMosca wrote:
>
> > What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS.
> > This is not a scan, this is an attempt to infest my TNAS.
>
> QTS 4.3.6 is over 3 years old (28/03/2019), and you’re using 4.3.3!!! So that's even
> older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and
> more)…
>
> https://www.qnap.com/en-uk/download?mod ... y=firmware

My answer.

No, I don't use that. I only said in the forum that there was an attack from that IP. QNAP
http://114.32.61.59:9119/cgi-bin/

And my system blocked it quickly.
IP Address-Already Blocked: ✔️ 114.32.61.59
Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

So you're just posting to say that you blocked a QNAP that was trying to infect your system? Or did it just do a port scan?

In the last 3 days, according to my IPS, I have had 18 "possible network Intrusion attempts", numerous "ET Drop Dshields", 17 "ET Scans", and 1x "attempted information leak".

I use Unifi Security Gateway Pro, with a UDM Pro ready to be installed when I get the time. It has very good IPS. https://help.ui.com/hc/en-us/articles/3 ... y-Settings