Urgent Notification about TNAS being Attacked by Ransomware

Official announcements and latest news, awards from medias, and sucess stories.
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by TMroy »

{L_BUTTON_AT}Knurpel
First of all, thank you for your advice! There is no doubt that some of the items you mentioned are in line with our plan, but not all.
As you said, many NAS users are novice users who don't know much about NAS. We need to find a balance between security and convenience, instead of going to the extreme and blindly banning all features, otherwise, users will buy a product they don't know how to use. For advanced users, it is not difficult to customize some configuration, but for beginners, this is not the case.

Part of your accusation stems from your taking it out of context. The fact is, it is recommended that users map the port on the router in the DDNS remote access setting chapter. Excuse me, if the port is not mapped, how can the user use the DDNS service?

We just released a new update to improve the security and more other issues, We will continue to update our system so that it can withstand tougher challenges.

Anyway, thank you for all your comments.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
Knurpel
Posts: 0
Joined: 20 Jan 2022, 00:36

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Knurpel »

I don't think you understand. I am not talking about getting rid of features. I strongly recommend to disengage network-facing services by default. If the customer needs a service, the customer will turn it on.

- It creates awareness that the port is open.
- It avoids services to be enabled that are never used
- It puts the responsibility in the hands of the customer

I did not even mention DDNS. I reiterate that opening ports for access from the outside is dangerous, especially in the hands of amateurs. Also, with the spread of CGNAT, increasingly it will not work. Outside access can safely be facilitated with a reverse tunnel.
User avatar
Meeni
Posts: 6
Joined: 11 Mar 2021, 05:00

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Meeni »

Where do I register to receive such important security updates?
I read this messages more than 10 days later, because I stumble upon it at random. There should be some channel to receive such critical information timely.

I quickly go and check my setup, still running the vulnerable version because there is no auto-update functionality. Fully automatic auto-updates are problematic, but the first thing TNAS should have done when I logged-in is have a popup with "NEW VERSION AVAILABLE< CRITICAL SECURITY FIX" and a button to install the update immediately.

I will not and cannot turn off Upnp at the router level. How can I prevent TNAS from opening ports I never intended to open in the first place? The "Upnp" feature on TNAS says it 'advertises to the local LAN', nowhere does it warns that it is going to open WAN ports. Please do not confuse your users.
User avatar
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by titanrx8 »

Meeni wrote:
> Where do I register to receive such important security updates?
> I read this messages more than 10 days later, because I stumble upon it at
> random. There should be some channel to receive such critical information
> timely.
>
If you have a notification email address entered in your TOS settings you will receive an email from TM. I received 2 emails the same day this thread posted in the community forum.
User avatar
KHnats
Posts: 6
Joined: 06 Jul 2021, 23:04

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by KHnats »

Knurpel wrote:
> I don't think you understand. I am not talking about getting rid of
> features. I strongly recommend to disengage network-facing services by
> default. If the customer needs a service, the customer will turn it on.
>
> - It creates awareness that the port is open.
> - It avoids services to be enabled that are never used
> - It puts the responsibility in the hands of the customer
>
> I did not even mention DDNS. I reiterate that opening ports for access
> from the outside is dangerous, especially in the hands of amateurs. Also,
> with the spread of CGNAT, increasingly it will not work. Outside access
> can safely be facilitated with a reverse tunnel.


The previous attack was due to a UPnP error. My device was "offline" at that time, ports should have been closed. But software error still opened the port by UPnP. So I have learned my lesson, to not trust on the security features built-in the TNAS drive. Think of it, if you know how to bake pizza, it doesn't mean you can bake cakes. So if you can built a NAS drive, does that make you an internet security professional? There are plenty of good options out on the market. I am using a Firewalla - built by guys who came from Cisco - and the NAS is behind it with zero trust policy. Whatever connections I allow, Backblaze, terra-master.com, dropbox etc is outbound allowed only. VPN allows access to intranet which is how the drive can be accessed.

So I agree to take it offline, but please do it with a device built by security experts.
User avatar
Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

Meeni wrote:
> Where do I register to receive such important security updates?
> I read this messages more than 10 days later, because I stumble upon it at
> random. There should be some channel to receive such critical information
> timely.
>
> I quickly go and check my setup, still running the vulnerable version
> because there is no auto-update functionality. Fully automatic auto-updates
> are problematic, but the first thing TNAS should have done when I logged-in
> is have a popup with "NEW VERSION AVAILABLE< CRITICAL SECURITY
> FIX" and a button to install the update immediately.
>
> I will not and cannot turn off Upnp at the router level. How can I prevent
> TNAS from opening ports I never intended to open in the first place? The
> "Upnp" feature on TNAS says it 'advertises to the local LAN',
> nowhere does it warns that it is going to open WAN ports. Please do not
> confuse your users.


Please turn off Upnp on your router https://nordvpn.com/blog/what-is-upnp/
User avatar
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

START HERE This is the logo of the Script that I have created to protect my terramaster.

If you are interested in having a copy to protect your terramaster Contact me on telegram.

https://t.me/seguridad_terramaster

Here you will see attempts to attack my terramaster
All attackers were banned from my terramaster. a logo was visible to me.
You can see all the logo activity here...

http://larry.serveftp.com/milog.txt

CAUTION. DO NOT GO TO THE HOME PAGE IN THIS TERRAMASTER. your IP address will be blocked for future reference.

hacker logo see here.

http://larry.serveftp.com/hacker_logo.txt
User avatar
REBELinBLUE
Posts: 29
Joined: 05 Dec 2021, 06:37

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by REBELinBLUE »

I don't think that was specifically someone trying to target your TNAS, that looks like someone trying the host to see if it is vulnerable to the recent widespread log4j exploit, which TNAS isn't
User avatar
Jac de Lad
Posts: 38
Joined: 04 Aug 2020, 01:40

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Jac de Lad »

Then why do people report losing data and getting a ransomware notice?
User avatar
REBELinBLUE
Posts: 29
Joined: 05 Dec 2021, 06:37

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by REBELinBLUE »

I was referring to the log from the previous post, not the entire thread
Post Reply