Urgent Notification about TNAS being Attacked by Ransomware

Official announcements and latest news, awards from medias, and sucess stories.
Post Reply
User avatar
REBELinBLUE
Posts: 29
Joined: 05 Dec 2021, 06:37

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by REBELinBLUE »

TMSupport wrote:
> [quote=REBELinBLUE post_id=15726 time=1642018220 user_id=4425]
>
> I tried to add a "Reject" rule for all IPs afterwards and I just
> get a generic "configuration failed" message so it's not entirely
> clear.
>
> It would be nice if someone from terra master would confirm
> [/quote]
>
> Hi! When adding a "Reject" rule, you can't deny all IPs, because
> then the device you are accessing the nas will be banned, which is the
> reason for the "configuration failed".

Yeah although normally I would expect the more specific allow to apply, i.e. reject all then allow this range... but yeah since allowing a specific range allows just that range it does the same thing it's just not very clear from the UI

thanks
User avatar
Jac de Lad
Posts: 38
Joined: 04 Aug 2020, 01:40

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Jac de Lad »

@TMSupport: Thanks for the answer. As I wrote, my Synology was also under attack. However, the admin-account-problem has been there for a long time. You cannot expect us to set up the Nas completely new. I expected a solution which is performable by people who updated their firmware.

I don't blame you or anyone from Terramaster for the attacks. I just wished to get clearer information on how I can protect myself. "Disabling admin account" is not possible for people who upgraded from earlier firmwares, so I see this as a big problem.
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by TMroy »

Sorry for not making this topic clear.
To disable the admin account, you need to be a new user with a new tos installation from 4.2.09 or later versions. For all users with tos versions installed before 4.2.09 or update to a later version is not possible to disable the default admin account, you need to re-install a new tos later than 4.2.09.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
powerQ
Posts: 65
Joined: 03 Dec 2019, 19:06

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by powerQ »

Just found a Free Ransomware Decryption Tools from synology community, not sure if this can be helpful.
https://www.emsisoft.com/ransomware-decryption-tools/
User avatar
uberunit
Posts: 3
Joined: 07 Dec 2020, 21:52

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by uberunit »

@powerQ introduces a useful point - there is and will be software developed by the industry (e.g. Emisoft above) and by users (e.g. BloodyDoll v1.0.6) which aims to decrypt files targeted by ransomware attacks. In BloodyDoll's case, this software has been seen as more effective at decrypting the files than the software provided after paying the ransom (as read in this exhaustive forum thread: https://www.bleepingcomputer.com/forums ... port-topic ).

These programs will very likely not work right now as the attacks are so recent, however I am personally keeping copies of the few important files which I lost to encryption along with a copy of the ransomware note (as this holds a unique key) in case knowledge on the encryption catches up in the future.
Roccia7
Posts: 62
Joined: 05 Mar 2020, 05:02
Italy

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Roccia7 »

TMroy wrote:
> Sorry for not making this topic clear.
> To disable the admin account, you need to be a new user with a new tos
> installation from 4.2.09 or later versions. For all users with tos versions
> installed before 4.2.09 or update to a later version is not possible to
> disable the default admin account, you need to re-install a new tos later
> than 4.2.09.
I have a version older than 4.x, but since version 5 is coming out soon, I would like to reinstall the operating system once and reconfigure everything once. Given the situation, is it possible to know more or less when TOS 5 will be released?
User avatar
luckykenny
Posts: 1
Joined: 19 Nov 2020, 16:55

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by luckykenny »

TMroy wrote:
> Sorry for not making this topic clear.
> To disable the admin account, you need to be a new user with a new tos
> installation from 4.2.09 or later versions. For all users with tos versions
> installed before 4.2.09 or update to a later version is not possible to
> disable the default admin account, you need to re-install a new tos later
> than 4.2.09.

How can I install the new 4.2.09 if I can not log in with "Admin"?
User avatar
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by TMSupport »

{L_BUTTON_AT}luckykenny
Hi! You can refer to the article to reinstall the TOS. You need to set a new administrator account during initialization.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
NavinKanus
Posts: 1
Joined: 13 Jan 2022, 11:02

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by NavinKanus »

I absolutely think that TM could have avoided this situation when they have already learnt in 2019 that QNAP was attacked with the same Ransomware.

Why haven't TM:
1. Send their customer emails about such attack and warn them of the potential attack.
2. Show a popup on the TM login screen to inform about the potential attack on TM NAS devices based on QNAP attack.
3. Update the vulnerability in TM NAS devices with new TOS version.

I do also see that Ver 5.0 is about to release. Did TM fix this vulnerability in this 5.0 TOS version?

I do not also believe that attackers have gained access because of our passwords, it was solely due to a vulnerability in TOS OS that lets an attacker use the root account to do anything they want. And I suspect that TM developers never understood the potential of someone stealing the information and causing such pain to the customers. My password is never saved anywhere it is so complex that nobody could brute force the password, unless they were running an algorithm for a decade.
User avatar
Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

NavinKanus wrote:
>
They can hack the CIA, do you really think TM, QNAP or Synology can stop them? All the NAS manufacturers are being attacked and there are zero day vulnerabilities in everything that runs software. I do agree that a more prominent warning should be posted, but QNAP haven't done anything either. Look at Log4j. There's a really good article here about linked at the bottom of this post.

While you may have a complex password, a simple privilege escalation, or managing to cause a stack overflow and or run arbitrary code and your password is useless. Most people use the stock ISP router which rarely if ever gets a firmware update, install cheap as chips, smart bulbs or CCTV cameras. Security is multi layered and starts at the router. For example the earlier

What I do think TM should implement is 2FA and a physical login key. I use these to improve security and while again, they aren't 1000% proof, they help to reduce risk. https://www.pcmag.com/how-to/protect-yo ... curity-key

Links to Zero days
https://threatpost.com/ech0raix-ransomw ... es/168516/
Post Reply