How to protect your TNAS from Deadbolt ransomware?

brunix86
Posts: 59
Joined: 12 Oct 2021, 21:51
Italy

Re: How to protect your TNAS from Deadbolt ransomware?

Post by brunix86 »

Hi TMSupport,

I suggest another way to protect our NAS from server information leakage, by hiding the nginx tokens.

1) Connect to your TNAS device using SSH
2) Open the nginx config file with this command: sudo vi /etc/nginx/nginx.conf
3) Add to the html section the following line: server_tokens off;
4) Save the file and restart the nginx daemon with the following commands:
4a) sudo /etc/init.d/nginx stop
4b) sudo /etc/init.d/nginx start

Note: this change may be lost after a TNAS system update.
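
Added example, not part of brunix86's post: a shell check that the setting is still in effect, worth rerunning after a TOS update since the change may be lost. The function names and the sample config and headers are constructed for illustration; nginx accepts the `server_tokens` directive in its `http`, `server` and `location` contexts.

```shell
#!/bin/sh
# Added example (not from the thread): confirm "server_tokens off;" is in effect.

# Succeeds when the config has an active (uncommented) "server_tokens off;"
# and no active "server_tokens on;" that would re-enable it in another block.
tokens_off_in_config() {    # $1 = nginx.conf, or saved output of `nginx -T`
    active=$(sed 's/#.*//' "$1" |
        grep -E '(^|[[:space:]{;])server_tokens[[:space:]]+[a-z]+[[:space:]]*;') || return 1
    if printf '%s\n' "$active" | grep -Eq 'server_tokens[[:space:]]+on'; then
        return 1
    fi
    printf '%s\n' "$active" | grep -Eq 'server_tokens[[:space:]]+off'
}

# Succeeds when the response headers on stdin disclose the nginx version,
# e.g. "Server: nginx/1.18.0". With tokens off the header is only "Server: nginx".
header_leaks_version() {    # stdin: output of `curl -sI http://<nas-address>/`
    tr -d '\r' | grep -Eiq '^server:[[:space:]]*nginx/[0-9]'
}

# Demo on constructed sample data (no network or real config needed).
demo() {
    conf=$(mktemp)
    printf 'http {\n    include mime.types;\n    server_tokens off;\n}\n' > "$conf"
    if tokens_off_in_config "$conf"; then
        echo "config: server_tokens off"
    else
        echo "config: server_tokens NOT off (lost after an update?)"
    fi
    if printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n' | header_leaks_version; then
        echo "headers: version disclosed"
    else
        echo "headers: version hidden"
    fi
    rm -f "$conf"
}
demo
```
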
Ashley.S.
Posts: 4
Joined: 01 Mar 2022, 07:19
Great Britain

Re: How to protect your TNAS from Deadbolt ransomware?

Post by Ashley.S. »

brunix86 wrote:
>
Thanks, hopefully, deadbolt didn't mess with the RAID configurations!
Charlie_Croker
Posts: 105
Joined: 07 Oct 2020, 19:05

Re: How to protect your TNAS from Deadbolt ransomware?

Post by Charlie_Croker »

TMSupport wrote:
> The latest version is TOS 4.2.30, if you cannot update online, you can try to [url=https://support.terra-master.com/download]download the update package[/url] and update manually.

Thank you, however it was not listed on your website when I posted, now would it download from the TNAS Updates in Settings.
chourmovs
Posts: 27
Joined: 28 Mar 2020, 14:56

Re: How to protect your TNAS from Deadbolt ransomware?

Post by chourmovs »

[quote=Charlie_Croker post_id=16894 time=1646217123 user_id=2281]
@TMSupport

Any chance of you guys actually supporting users who have lost (in many cases, priceless data) and those of us at risk of losing data?

How about telling us how
1. How Deadbolt managed to get past your security.
2. When you will issue a fix
3. What owners can do now (because the advice you offered was for Echamonix, Deadbolt must be attacking differently as you patched that exploit).
4. When we will get a patched version of TOS
5. What your plans are to harden your OS

Now is not the time to be posting photos of Pugs or of hiding, take command and tell us what you know.
[/quote]

Totally aligned with this post, what happened to my data stored on an up to date storage device under Linux with 2 drives in RAID is absolutely unacceptable.
Terramaster has to explain what is the plan to fix, prevent and repair!!!!
KHnats
Posts: 6
Joined: 06 Jul 2021, 23:04

Re: How to protect your TNAS from Deadbolt ransomware?

Post by KHnats »

Some solutions instead of comments:

I was a victim of the Ech0raix attack on December 26, I have since made (successful) efforts to protect my two TerraMaster NAS drives. At least, the last three attacks both drives have remained unaffected.

Some realisations:
1. No NAS drive will be ever secure, but we have to admit that some are more often the subject of an attack than others.
2. The producers of NAS drives do not necessarily need to be security experts.
3. Eventually, no-one will be able to guarantee the security of your files, DropBox, Google, Backblaze, Mega... they can all be the subject of hackers. But one principle stands; the amount of work/resources that hackers are willing to put into a single successful hack. 'Luckily', most hackers are ransomware attacks purely aimed at financial gain or other mass attacks. This means they go for the low-hanging fruit, the most easy to hack subjects. Those without proper security layers.
4. And because of #3, most of these attacks are fully automated, e.g. they use bots to find potential vulnerable computers/NAS drives to attack.

What does this mean?
If you have more layers of protection/security than the bot is programmed for, they will likely leave you alone. I used to live in Amsterdam, and over there you would always park your bicycle with two locks next to the bicycle with one lock. Your single biggest protection is the lack of security on other people's systems.

So how to achieve a better security?
1. Invest in a firewall, they are really not that expensive anymore and they come with many other features that can help you protect your network and devices on it. I'm a big fan of Firewalla (developed by two ex-CISCO guys), but there are others of course. IMHO, the security features on the TerraMaster should not be used, as I doubt they were built by security experts.
2. Apply 'zero trust' for your NAS. Figure out what services are needed, and only allow those connections. Prevent your NAS from doing anything more than the absolute necessary. This will protect you from egress attacks where the virus entered via an infected computer and is trying to make remote connections.
3. Don't - I repeat - DON'T ever use the 'handy' built-in, ready to use internet access function. The only place where your NAS should be accessible is the INTRAnet, not the internet.
4. If you do want to be able to access your NAS from the internet, set up a VPN server on your firewall and access your intranet via VPN. Once on the intranet you can access all your files. Now you don't need to expose your T-NAS online.

You will need time and some money to secure your network, but most of these are investments that are one-off and can last a number of years before they need to be renewed. Besides it makes a great hobby.

The above may not keep you completely safe, but I think 95% of the attacks will simply pass your doorstep. And that is a lot already.

Good luck!
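
Added example, not part of KHnats's post: one way to start on point 2 above is to list which TCP services the NAS exposes beyond loopback and compare them with the ones you intend to allow. It assumes the `ss -tln` output format from iproute2; the function name, the port allowlist and the sample output are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag listening TCP ports that are
# reachable from the network but are not on your list of intended services.

# Constructed sample of `ss -tln` output; on a real system pipe in the command.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8181 0.0.0.0:*
LISTEN 0 50 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:445 [::]:*'

# $1 = space-separated allowed ports; stdin = `ss -tln` output.
# Prints "port address" for every non-loopback listener not on the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = addr
            sub(/.*:/, "", port)        # text after the last colon
            sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (!(port in ok)) print port " " addr
        }' | sort -n -u
}

# Demo: SSH and SMB are intended, anything else is reported for review.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22 445"
```

Each reported port is a candidate for disabling the service or blocking it at the firewall.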
Jac de Lad
Posts: 38
Joined: 04 Aug 2020, 01:40

Re: How to protect your TNAS from Deadbolt ransomware?

Post by Jac de Lad »

And make regular backups.
deex
Posts: 6
Joined: 08 Aug 2021, 23:27

Re: How to protect your TNAS from Deadbolt ransomware?

Post by deex »

Thanks for the information. Can you give us a statement if the exploit was possible due to SAMBA?

https://www.zerodayinitiative.com/blog/ ... BFghVzMqvg
chourmovs
Posts: 27
Joined: 28 Mar 2020, 14:56

Re: How to protect your TNAS from Deadbolt ransomware?

Post by chourmovs »

yes yes yes and develop your own firmware to fix 3 months old login vulnerabilit... Please don't blame those who lost everything because different history readings exist here...
ctwelsh
Posts: 4
Joined: 20 Feb 2021, 23:48

Re: How to protect your TNAS from Deadbolt ransomware?

Post by ctwelsh »

I was hit very hard as well. I realized after doing Terramaster's suggested reinstall that it removed Deadbolt's decryption software. In hindsight, I wish I had just pulled the drives out and set them aside in hopes of future opportunities to decrypt the files. I see that QNAP already has put together a replacement decryption file (you still need a decryption key and each attack is a different key from what I read, using AES-128 encryption - ugh). I'm going to check around for decryption services despite no longer having the decryption file. My request is that Terramaster provide a decryption file to allow us to enter decryption keys if/when available. From what I've been reading, people that have paid the ransom have been provided a working decryption key and regained their data. I have also read about some keys not working. At .03 bitcoin, no way am I taking that gamble, so hopefully they get raided and keys become available or a service is able to break it. - seriously not holding my breath on any good news though.
seajayshome
Posts: 20
Joined: 12 Feb 2022, 00:38

Re: How to protect your TNAS from Deadbolt ransomware?

Post by seajayshome »

It's worth setting up SNAPSHOTS as well as some other people have said. You can install the SNAPSHOT application from the applications icon, and set it up to run whenever you want - I have it just running daily as there is very little that changes normally.

This then allows you to revert to any previous snapshot in the event that some ransomware corrupts your files (nothing is infallible of course, but it's another tool to protect your data, and snapshots just take seconds.)