Page 1 of 5

How to protect your TNAS from Deadbolt ransomware?

Posted: 01 Mar 2022, 20:18
by TMSupport
How to protect your TNAS from Deadbolt ransomware?

We've been receiving reports recently that some users' TNAS devices are being attacked by the Deadbolt ransomware. According to our study of these cases, once the device is attacked, the user's data will be encrypted. The Deadbolt ransomware will mutate and launch attacks according to different NAS devices. Thousands of NAS devices of other brands have been attacked by the Deadbolt ransomware over the past month. Unfortunately, TNAS has also become the target of this attack.

After studying this ransomware, we have fixed the vulnerabilities in the TOS system that may be exploited by the ransomware. We will continue to work hard to improve the security of the TOS system and release updates in time.

What should I need to do now?
1. Immediately check whether your TNAS device is under attack;
2. If your device has not been attacked, please refer to the guidelines to improve your TNAS security;
3. If your device has been attacked, please refer to the following countermeasures.

What should I do if my TNAS has been attacked by Deadbolt ransomware?
1. Shut down the TNAS device; x.86 models: short press the power button; ARM models: long-press the power button for 3 seconds;
2. It is recommended that you re-install the latest version of the TOS system (4.2.30 or later) to prevent unencrypted files from continuing to be encrypted.
3. If your files have been encrypted, reinstalling the TOS system can not help you deal with the encrypted files, but will allow you to continue to use the device more safely;
4. If you want to perform other decryption operations, you may not be able to enter the Deadbolt key to decrypt after reinstalling the TOS system, please operate with needed.
How to reinstall the TOS system?
5. Please refer to the guidelines to improve your TNAS security.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 01 Mar 2022, 21:21
by chourmovs
[quote=TMSupport post_id=16796 time=1646137105 user_id=59]
2. It is recommended that you reinstall the latest version of the TOS system (4.2.29 or later) to completely remove the virus.
[/quote]
I can't access to my TOS webapp, how I can do this if only 4.2.28 is present on my system partition ?
Do I have to hard reinstall (2nd method by removing hard drive then putting it back) then update normaly ?

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 01 Mar 2022, 23:08
by TMroy
{L_BUTTON_AT}chourmovs

Then you need to follow the guide to re-stall your TOS to the latest version. The latest version is 4.2.30

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 02 Mar 2022, 00:07
by chourmovs
and when you say "Remove the ransomware", what about my whole photo collection with .deadbolt extension ?
How do I recover those with no backup available ?
Thank you for your help

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 02 Mar 2022, 05:39
by Charlie_Croker
“ 2. It is recommended that you reinstall the latest version of the TOS system (4.2.29 or later) to completely remove the virus.
[/quote]”

4.2.28 is the most recent version for Intel versions? (well its what shows for my F2-422)

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 02 Mar 2022, 10:27
by TMSupport
{L_BUTTON_AT}Charlie_Croker
The latest version is TOS 4.2.30, if you cannot update online, you can try to download the update package and update manually.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 02 Mar 2022, 10:37
by TMSupport
chourmovs wrote: 02 Mar 2022, 00:07 and when you say "Remove the ransomware", what about my whole photo collection with .deadbolt extension ?
How do I recover those with no backup available ?
Reinstalling the system will not delete the data on the drive, but files that have been encrypted cannot be decrypted for the time being. You can back up files that have not been encrypted.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 02 Mar 2022, 17:57
by Ashley.S.
Sorry to sound a bit stupid but would reinstall method #2 reset everything to factory default and definitively remove the ransomware, while keeping my files on the harddrive since I can no longer login and access the TOS pages? I need to assess the damage caused to see how much media I might have lost so I can see what backups I might have and what would need restoring.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 02 Mar 2022, 18:24
by brunix86
Ashley.S. wrote:
>
Hi, I confirm that the method #2 reinstall only the TOS, with no personal data loss.
I tried this method for a different problem and it mantains your files and your RAID configuration.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 02 Mar 2022, 18:32
by Charlie_Croker
@TMSupport

Any chance of you guys actually supporting users who have lost (in many cases, priceless data) and those of us at risk of losing data?

How about telling us how
1. How Deadbolt managed to get past your security.
2. When you will issue a fix
3. What owners can do now (because the advice you offered was for Echamonix, Deadbolt must be attacking differently as you patched that exploit).
4. When we wil liet a patched version of TOS
5. What your plans are to harden your OS

Now is not the time to be posting photos of Pugs or of hiding, take command and tell us what you know.