dmach47 wrote: ↑14 Jan 2021, 08:40
I have an F4-210 and I was also hit on December 25 with the malware. Now what?
I've taken the F4-210 off the network and turned it off.
What I am most worried about is the malware infecting my other computers on the network (and which were linked to the NAS).
Are the drives that are in the F4-210 now worthless? I would like to reuse them, but I don't want to connect them to any of my other computers and risk them being infected with the malware.
I have other backups, so I won't lose any data, unless all my other computers also get infected.
I am no security or NAS expert. I just wanted a simple system to access all my music/photos/videos and have as a backup of all my data.
just a thought here are you sure your nas drive was infected and it spread to computers, or could it have been a computer becoming infected which then spread to mapped network drives on the nas?
the drives you can just wipe and re-use there has been no damage to the drives its just data on them that is now encrypted
sianderson wrote: ↑14 Jan 2021, 16:43
just a thought here are you sure your nas drive was infected and it spread to computers, or could it have been a computer becoming infected which then spread to mapped network drives on the nas?
the drives you can just wipe and re-use there has been no damage to the drives its just data on them that is now encrypted
Yes, I am 95% sure. None of my other computers show signs of ransomware, but I want to be overly cautious. As for the drives, I just want to be sure that there isn't a malware boot record or something on those drives. The F4-210 is now considered toast/boat anchor, but I'd like to be able to add those drives to my off-line backup set. Note, I didn't really lose any data (that I know of yet) because I also keep an off-line set of backups.
I just want to be sure the hack that compromised my NAS didn't use that security hole in the TerraMaster software to infect the rest of my computers. I don't want to continue backing up my computers if they are now infected.
Now I've blocked the NAS completely from the internet using the firewall with rules in both directions - I'd advise anyone else do the same. I'll also relegated it to a media server as I don't trust it with anything else. I'll use OneDrive/GDrive and an external hard drive for anything actually important.
I think the official statement answered all your questions, if you did not read it carefully, you can do it now.Do not ask the same questions again and again.
Official notice about eCh0raix(QNAPCrypt)
Defenders and hackers have been back and forth fighting with each other for decates, I do not think this is going to be finish in near future, because I do not think companies like Norton, Kaspersky, Mcfee will end their business soon. Malwares are all our common enemy, we are all victims, we are working hard to fight again them. If you have somethings to tell them, please do it!
If you have plenty of time, fight again Malwares, that could really help all others.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
1. Update your computer operating system and TOS operating system to the latest version;
as far as i am aware the exploit has nothing to do with a client computer it was directly attacked which then leads me onto the point that we are all finding frustrating, what is your process for letting people know there is an update there to ensure the nas drives are upto date?
it seems like TM do not actually understand the environment that they are commonly used in
a) a nas drive usually sits in a cupboard or on a desk and not really seen, there is no visible update light on the unit itself (like there is with a buffalo)
b) once a nas drive is set up people will very very rarely login to the web config for it (perhaps consider email alerts to tell someone there is an update or make the unit beep once a day or something like that), the only reason why i login to the web admin is to make sure it hasnt corrupted my USB drive etc its not for any configuration purposes
can i please ask TM to review its updating procedures to try and combat this issue, as i bet there are lots of people still running Nas drives with really old versions of the software, because they just dont know there is an update there
the only way i know is because i read this forum and look out for the x.x.x.x version is available for updating posts, but you cant expect most people to do this
yeah, we need to think about it seriously. Perhaps pushing a update message to your TNAS mobile app is one of options.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
TMroy wrote: ↑26 Jan 2021, 11:07
yeah, we need to think about it seriously. Perhaps pushing a update message to your TNAS mobile app is one of options.
perhaps, however i think you need to think more basic i don't have a mobile app installed as my nas drive serves my desktop computers not my mobile phone, which links nicely back to my statement about TM not actually understanding the environment that they are commonly used in
It is not about environment understanding, it is about who make the decision. We always think that user need to know what changed in the new update and have his right to decide if he will apply new update on his device. at present, we don't think it is not good idea to automatic update without notice to device's owner.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
TMroy wrote: ↑26 Jan 2021, 17:51
It is not about environment understanding, it is about who make the decision. We always think that user need to know what changed in the new update and have his right to decide if he will apply new update on his device. at present, we don't think it is not good idea to automatic update without notice to device's owner.
who ever mentioned automatic updates without notice to device owners?? i never once hinted to this as a solution
i completely agree YOU need to notify users there is an update, which at the moment you are completely failing to do this effectively, my point is that you have chosen to highlight an obscure way to notify users which does suggest TM does not understand how these nas drives are being used in reality, yes the mobile apps need to say there's an update available, but you can not rely on this as there's probably a lot of people who own these NAS drives who do not use the mobile app, its also a breach of most company computer use policies to even have the mobile app loaded on a device and i would imagine also goes against ISO 27001 Information Security recommendations also
Maybe you don't like me asking the same question over and over, but the best way to prevent me from keeping asking is to answer the question, right?
If the system cannot meet the steps as layed out in "How to protect yourself against encryption-based ransomware Ech0raix (QNAPCrypt)?" does it imply the system itself is insecure?
Waiting for the insights by TM
BTW, I run a PR company should you ever run into similar issue again, and I think there is a lot what we could do for you in terms of communication with the outside world to prevent people getting upset with you again.
