TMSupport wrote:
> Yes, if you set a "Allow" rule, then the IP that does not match this rule will be reject.
Is it possible to also set up "Drop" like OpenWRT? From what I understand, this is more secure as the device never actually acknowledges the attempted connections.
Urgent Notification about TNAS being Attacked by Ransomware
- Saijin_Naib
- Posts: 79
- Joined: 23 Jun 2021, 01:19
Re: Urgent Notification about TNAS being Attacked by Ransomware
I am curious to know if the attacks on TM devices are fueled by the TM unchecked, but requested third party app developments? But since TM refused requests to check and certify apps over a year ago, I guess we would never know.
Re: Urgent Notification about TNAS being Attacked by Ransomware
Hi! You can refer to the detailed description of the notification.PenguinzOnQuack wrote: ↑11 Jan 2022, 23:41 I actually need more help than I realised.
4. Disable the UPnP function on your TNAS.
How?
5. Disable RDP, SSH and Telnet when not in use;
How?
6. Change the default port of FTP.
To what?
8. Disable the system default admin account, re-create a new admin account, and set an advanced password;
How?
9. Enable firewall and only allow trusted IP addresses and ports to access your device;
How do we enable the fire wall and set up the trusted IP address. I use this has a Plex server, will this be affected?
10. Avoid using default port numbers 5443 for https and 8181 for http;
To what?
A step by step guide would be very useful
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
- Jac de Lad
- Posts: 38
- Joined: 04 Aug 2020, 01:40
Re: Urgent Notification about TNAS being Attacked by Ransomware
Point 8. Come on, you can't expect us all to reinstall the system just to be able to throw out the default administrator?!
- Charlie_Croker
- Posts: 105
- Joined: 07 Oct 2020, 19:05
Re: Urgent Notification about TNAS being Attacked by Ransomware
Jac de Lad wrote:
> Point 8. Come on, you can't expect us all to reinstall the system just to
> be able to throw out the default administrator?!
I'm shocked that this appears to be the solution.
> Point 8. Come on, you can't expect us all to reinstall the system just to
> be able to throw out the default administrator?!
I'm shocked that this appears to be the solution.
- Charlie_Croker
- Posts: 105
- Joined: 07 Oct 2020, 19:05
Re: Urgent Notification about TNAS being Attacked by Ransomware
This is my work around to the admin account issue. Its the best I can come up with at this time.
1. Ensure you have another working account with admin privileges setup.
2. Give the default "admin" account a very strong password (use a password manager if needed to suggest one).
3. Control Panel/ User/Permission (Default admin account) , tick the boxes Deny for all shares.
1. Ensure you have another working account with admin privileges setup.
2. Give the default "admin" account a very strong password (use a password manager if needed to suggest one).
3. Control Panel/ User/Permission (Default admin account) , tick the boxes Deny for all shares.
- Jac de Lad
- Posts: 38
- Joined: 04 Aug 2020, 01:40
Re: Urgent Notification about TNAS being Attacked by Ransomware
I already have done that...but it's still present, so it's an unnecessary thread.
Re: Urgent Notification about TNAS being Attacked by Ransomware
{L_BUTTON_AT}"Jac
Hi! Taking a variety of preventive measures can reduce the risk of being attacked, but still cannot guarantee that your device is completely secure. A large number of devices are attacked by ransomware every day, including Terramaster, QNAP, Synology, and even the servers of some large enterprises or government agencies. We will continue to study how ransomware penetrates TNAS devices and will release updates in a timely manner.
https://unit42.paloaltonetworks.com/ech ... ware-soho/
https://www.bankinfosecurity.com/qnap-t ... re-a-18277To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Re: Urgent Notification about TNAS being Attacked by Ransomware
{L_BUTTON_AT}demetry14
This attack is an organized attack on TNAS, a variant of the eCh0raix virus, which usually uses weak passwords or vulnerabilities to attack victims. This time, Synology and QNAP NAS devices were also attacked.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Re: Urgent Notification about TNAS being Attacked by Ransomware
Hi! Since the ransomware creates a random sequence as the AES Key, and then encrypts the previously generated AES Key with the locally generated RSA public key, and uses the AES CFB algorithm to encrypt the files in the infected device, each encrypted device uses a different key. Likewise, once files are encrypted by ransomware, there is usually no way to decrypt them. If your data is so important that you need to get it back, paying the ransom might be the only way. It's worth reminding that even paying the ransom is not a 100% guarantee that your data will be rescued.NavinKanus wrote: ↑13 Jan 2022, 11:04 Can someone explain the steps to wipe and re-initialize my tnas device?
I know I lost my most valuable memories and documents but I want to get back to my work.
If you are not willing to pay the ransom, intend to give up the encrypted data. You can go to Control Panel > Storage, delete volumes and storage pools, and restore the system to factory settings.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)