
Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 22 Jul 2022, 06:59
by titanrx8
TM220user wrote: 21 Jun 2022, 19:43
> chourmovs wrote:
> > Yes if you power on it should continue to encrypt
> > You have to reinstall/update system to fix this
>
> Well, it looks like I just tripped the activation of mine starting to encrypt (was doing a reboot to add a SSD).
> After the reboot, I no longer had access to any of my user accounts (including my 'admin' account that was set up under the new "protection" supposedly offered by the 4.2.30+ OS 'improvements') LMAO. What a farce.
>
> I was running 4.2.32-2203011626 according to the screenshot I took literally before rebooting. (it was up for 36 days before this morning, so whatever happened, happened RECENTLY, and on the current TOS.)
>
> I had NO access allowed to anything publicly. I only access it LOCALLY. (And most of those options were supposed to be disabled [by me]: for example: UPnP, SMB, FTP, WebDAV, RSync, etc)
> So I *thought* I had everything locked down pretty well... The only way I can see it being accessible is via whatever backdoor TerraMaster themselves built in (for things like phoning home to check for software updates, or for them to access our machine to 'assist' in whatever problem arises via their support team we see so often mentioned; "contact our support team so they can have a look...")
>
> Anyways, the reason I'm writing is to say that even the current TOS 'os' is NOT SECURED YET against getting locked out of your system and having files encrypted.
>
> I've about had my fill of this "OS".

Sorry to hear this. If you were running btrfs with snapshots you might be able to roll back to a time period prior to crypto. Others have reported this to work.

Initially, when these cryptos were attacking other NAS brands, I bought and installed a standalone firewall. I had previously written rules for the TNAS Firewall that prevented all remote access but noticed that it took several minutes after bootup before the firewall rules were activated. This seemed too risky to me, so I added the external firewall. This way, all remote traffic has to hit the firewall first. Using the TOS firewall rules, the attacking packets are already on your network and it's up to TOS to reject them.

Your suspicion about phone home possibilities is correct. My Firewall blocks numerous outbound flows from my TOS servers every day. My Firewall blocks everything to or from the TOS machines that isn't local.
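
A way to review what an external firewall is dropping for the NAS, as described in the post above. This is an added example, not part of the original posts and not TerraMaster code. It assumes the firewall writes netfilter-style LOG lines (`SRC=`, `DST=`, `PROTO=`, `DPT=` fields), that the NAS is at `192.168.1.50` on a `192.168.1.0/24` LAN, and uses constructed sample lines with documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Assumption: address of the NAS on the LAN (constructed value).
NAS_HOSTS = {ipaddress.ip_address("192.168.1.50")}
# Assumption: "local" means the NAS's own LAN segment, loopback and link-local.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("192.168.1.0/24", "127.0.0.0/8", "169.254.0.0/16")]

# netfilter LOG lines carry KEY=value pairs; only these four are needed here.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def is_local(addr):
    """True for LAN, loopback, link-local and multicast (e.g. SSDP) addresses."""
    return addr.is_multicast or any(addr in net for net in LOCAL_NETS)

def nonlocal_nas_flows(lines):
    """Count (direction, remote, proto, dport) for NAS traffic crossing the LAN edge."""
    flows = Counter()
    for line in lines:
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or a truncated one
        proto, dport = f.get("PROTO", "?"), f.get("DPT", "-")
        if src in NAS_HOSTS and not is_local(dst):
            flows[("outbound", str(dst), proto, dport)] += 1   # phone-home candidates
        elif dst in NAS_HOSTS and not is_local(src):
            flows[("inbound", str(src), proto, dport)] += 1    # remote access attempts
    return flows

# Constructed sample log lines, not real traffic.
SAMPLE = [
    "Jul 22 06:41:02 fw kernel: nas-drop IN=lan OUT=wan SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51514 DPT=443",
    "Jul 22 06:41:05 fw kernel: nas-drop IN=lan OUT=wan SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51515 DPT=443",
    "Jul 22 06:41:09 fw kernel: nas-drop IN=lan OUT=wan SRC=192.168.1.50 DST=203.0.113.53 LEN=71 PROTO=UDP SPT=40112 DPT=53",
    "Jul 22 06:42:11 fw kernel: nas-drop IN=wan OUT=lan SRC=198.51.100.7 DST=192.168.1.50 LEN=52 PROTO=TCP SPT=40022 DPT=443",
    "Jul 22 06:42:30 fw kernel: lan-log IN=lan OUT= SRC=192.168.1.50 DST=239.255.255.250 LEN=129 PROTO=UDP SPT=1900 DPT=1900",
    "Jul 22 06:42:31 fw kernel: lan-log IN=lan OUT=lan SRC=192.168.1.20 DST=192.168.1.50 LEN=60 PROTO=TCP SPT=49822 DPT=445",
    "Jul 22 06:43:00 fw kernel: eth1: link up",
]

if __name__ == "__main__":
    for (direction, remote, proto, dport), n in nonlocal_nas_flows(SAMPLE).most_common():
        print(f"{n:4d}  {direction:8s} {remote:15s} {proto}/{dport}")
```

Running the same summary over the log from the first few minutes after a NAS reboot shows whether anything reached the unit before its own firewall rules became active.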

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 22 Jul 2022, 10:31
by TMroy
@TM220user

Although you write a lot, you provide almost no helpful information.

For example:
1. what is your model number?
2. how do you know your files are being encrypted?
3. did you see any pop-up menu that guides you to pay the ransom? This is the important thing ransomware asks for.
4. what is the name of the ransomware?

I can't tell if the issue you're facing is caused by a ransomware attack or a system glitch.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 24 Jul 2022, 23:01
by TM220user
@TM220user
TMroy wrote: 22 Jul 2022, 10:31
> Although you write a lot, you provide almost no helpful information.

Rest assured, the feeling is mutual. Especially when someone asks you a specific question, which you do not answer. It took weeks, but I managed to get my unit back online, thanks.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 30 Jan 2023, 17:30
by ZeeshanAhmad228
good work

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 30 Jan 2023, 17:39
by TMroy
@TM220user

Sorry to leave you with such a feeling. We will move forward to be better; keep pushing us.

Re: How to protect your TNAS from Deadbolt ransomware?

Posted: 18 Mar 2023, 12:04
by powerQ
oooh, really? I did not find such a report in this forum recently, maybe I missed them? Anyway, I made a backup to a USB drive with USB copy that releases my stress a lot.