How to protect your TNAS from Deadbolt ransomware?

V8Triker
Posts: 82
Joined: 26 Feb 2021, 19:18
Great Britain

Re: How to protect your TNAS from Deadbolt ransomware?

Post by V8Triker »

seajayshome wrote:
> It's worth setting up SNAPSHOTS as well as some other people have said.
> You can install the SNAPSHOT application from the applications icon, and
> set it up to run whenever you want - I have it just running daily as there
> is very little that changes normally.
>
> This then allows you to revert to any previous snapshot in the event that
> some ransomware corrupts your files (nothing is infallible of course, but
> it's another tool to protect your data, and snapshots just take seconds.)


The problem is that SNAPSHOT requires a BTRFS volume, and all my drives are configured for two separate RAID volumes.

Some form of snapshot software would be great, but I like my RAID resilience.
seajayshome
Posts: 20
Joined: 12 Feb 2022, 00:38

Re: How to protect your TNAS from Deadbolt ransomware?

Post by seajayshome »

V8Triker wrote:
> seajayshome wrote:
> > It's worth setting up SNAPSHOTS as well as some other people have said.
> > You can install the SNAPSHOT application from the applications icon, and
> > set it up to run whenever you want - I have it just running daily as there
> > is very little that changes normally.
> >
> > This then allows you to revert to any previous snapshot in the event that
> > some ransomware corrupts your files (nothing is infallible of course, but
> > it's another tool to protect your data, and snapshots just take seconds.)
>
>
> The problem is that SNAPSHOT requires a BTRFS volume, and all my drives are
> configured for two separate RAID volumes.
>
> Some form of snapshot software would be great, but I like my RAID resilience.

Using RAID doesn't preclude snapshots - but as you say it would have to use btrfs (which is the default I believe). My system is also set up for RAID, but with btrfs filesystem so snapshot should be available to many people. If you're using EXT4 though you're right it wouldn't be.
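
The point made in the posts above, that snapshot support depends on the filesystem (btrfs vs. EXT4) and not on whether the volume sits on RAID, shown as an added example that is not part of any poster's message or of TerraMaster's own tooling: a shell check over a mount table in /proc/mounts format. The sample table, the /mnt prefix and the function names are constructed for illustration; device names and mount points on a real TNAS may differ.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/md9 / ext4 rw,relatime 0 0
/dev/md0 /mnt/md0 btrfs rw,relatime,space_cache 0 0
/dev/md1 /mnt/md1 ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
}

# classify_volumes MOUNTS_FILE PREFIX
# Prints one line per volume mounted under PREFIX:
#   mountpoint fstype raid=<yes|no> snapshots=<yes|no>
classify_volumes() {
    awk -v prefix="$2" '
        # Skip anything not mounted under the data-volume prefix.
        index($2, prefix) != 1 { next }
        {
            # Linux software RAID arrays show up as /dev/mdN devices.
            raid = ($1 ~ /^\/dev\/md[0-9]+$/) ? "yes" : "no"
            # Snapshots come from the filesystem: btrfs has them, ext4 does not.
            snap = ($3 == "btrfs") ? "yes" : "no"
            printf "%s %s raid=%s snapshots=%s\n", $2, $3, raid, snap
        }
    ' "$1"
}

# count_unprotected MOUNTS_FILE PREFIX
# Number of volumes under PREFIX that cannot be snapshotted.
count_unprotected() {
    classify_volumes "$1" "$2" |
        awk '/snapshots=no$/ { n++ } END { print n + 0 }'
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_mounts > "$tmp"
classify_volumes "$tmp" /mnt
echo "volumes without snapshot support: $(count_unprotected "$tmp" /mnt)"
rm -f "$tmp"
```

To check a live system, pass /proc/mounts as the first argument instead of the sample file.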
NecNem
Posts: 0
Joined: 05 Mar 2022, 02:25

Re: How to protect your TNAS from Deadbolt ransomware?

Post by NecNem »

KHnats wrote:
> Some solutions instead of comments:
>
>...
>...
>
> The above may not keep you completely safe, but I think 95% of the attacks
> will simply pass your doorstep. And that is a lot already.
>
> Good luck!

Thank you for the list of steps to better safeguard in future.
When this is all over I will be sure to follow and practice better safeguarding as it's not something I thought about prior.

I do hate to nitpick, but in context of the current situation they are not really solutions; rather preventative measures and more so advice for later.
Which would also have been amazing to know a month ago, before all this.

There are people who have been affected by this attack who are currently waiting on help and solutions on how to get access to their files again, not really for advice on what they should have done previously.
I do get the feeling that more could have been done earlier to assist, advise and mitigate damage done.

Laypeople buy these products to use them as media servers, file storage for family trips, memories and whatever else, maybe even important documents.
They wouldn't usually know about ports, blocking IPs and using VPNs; or that they can't rely on their internet service's own protective measures.

A common piece of advice is to have backups, which is always a good piece of advice.
But I can appreciate there are people that might use these as the backups behind their desktops.

It's been mentioned numerous times in the thread already; it is a difficult situation for a lot of people and it looks like there is a lot waiting on the next word from TM about what is going to be done to help those still affected and/or if there is nothing to do; say goodbye to your data.
mbucayr
Posts: 0
Joined: 05 Mar 2022, 02:23

Re: How to protect your TNAS from Deadbolt ransomware?

Post by mbucayr »

I cannot access anything through the TOS; this message appears:

⚠️
WARNING: YOUR FILES HAVE BEEN LOCKED BY DEADBOLT
❓ What happened?
All your files have been encrypted. This includes (but is not limited to) Photos, Documents and Spreadsheets.
❓ Why Me?
This is not a personal attack. You have been targeted because of the inadequate security provided by your vendor (TERRAMASTER).
❓ What now?
You can make a payment of (exactly) 0.030000 bitcoin to the following address:
bc1qazsmmg8gtcl5plsmnrssqefa9yf5xvem05lvp6

Once the payment has been made we'll follow up with a transaction to the same address, this transaction will include the decryption key as part of the transaction details. [more information]

You can enter the decryption key below to start the decryption process and get access to all your files again.

important message for TERRAMASTER

🔑 Enter your decryption key here..


I can't update, I can't configure

Help Please
mbucayr
Posts: 0
Joined: 05 Mar 2022, 02:23

Re: How to protect your TNAS from Deadbolt ransomware?

Post by mbucayr »

I have TOS 4.2.09
deex
Posts: 6
Joined: 08 Aug 2021, 23:27

Re: How to protect your TNAS from Deadbolt ransomware?

Post by deex »

@mbucayr

See this thread

viewtopic.php?f=6&t=2877

@KHnats

Did Snapshots in practice help you to recover from it?
enderandrew
Posts: 0
Joined: 09 Mar 2022, 01:52

Re: How to protect your TNAS from Deadbolt ransomware?

Post by enderandrew »

If I log into TOS, I get a notification that an update is available. And TOS shows I'm connected to the internet with a public IP.

If I tell TOS to look online for an update, it says none is available. If I manually download the update and point it at the *.bz2 file, it gets to the unzipping step and never finishes.

There is a 5.0 beta. The instructions for that say to do a factory reset. I did that and pointed it to the 5.0 *.ins file. Now I can see my F4-210 connected to my router, and the router gave it an IP address, but the Windows app can't find it and I can't log into TOS from the browser with the IP address the router says the TNAS is on.

Did I just completely hose my TNAS because of this vulnerability and the update not applying correctly?

https://imgur.com/gallery/A89U95n
Jac de Lad
Posts: 38
Joined: 04 Aug 2020, 01:40

Re: How to protect your TNAS from Deadbolt ransomware?

Post by Jac de Lad »

@enderandrew: install 4.2.18 manually, then the most recent update.
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: How to protect your TNAS from Deadbolt ransomware?

Post by TMSupport »

@enderandrew
It may be that the system partition md9 is full, causing the decompression to fail. Please contact our tech team to help troubleshoot it. TOS 5 requires a new version of TNAS PC. If you want to install TOS 5, please read the article first.
To contact our team, please send an email to the following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
paulgraz
Posts: 2
Joined: 28 Feb 2021, 02:19

Re: How to protect your TNAS from Deadbolt ransomware?

Post by paulgraz »

Has there been any update on this issue?

I got hit today, about 3 hours ago. I guess I wasn't keeping up as I had no idea this was going on. I have a F2-220 with 2 3TB drives set up as RAID 1. It's been running that way since 2017 without any issues.

I powered the NAS off immediately when I saw some encrypted files with the extension .iLife. The 2 HD activity lights were going nuts.

I do not have a recent backup (mistake #1), and I had not updated the firmware in years (mistake #2). I guess I'm going to have to rethink all of this.

I've also completely disabled UPnP on my router.

If I turn the NAS back on will it continue encrypting?

I'm considering pulling the 2 HDs and buying 2 new ones in the hope that a decrypting tool will eventually surface - I really cannot afford to pay the ransom right now.