Page 2 of 5
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 01 Mar 2024, 01:01
by TMroy
CVE-2020-28188 was fixed very long time ago.
CVE-2022-24989 and CVE-2022-24990 have been fixed in version 4.2.31
viewtopic.php?f=28&t=3187
You may use an outdated TOS version, you need to keep your system up to date and recommended to use a strong password.
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 01 Mar 2024, 01:09
by TMroy
ldingo wrote: ↑26 Feb 2024, 18:55
Same here on a F5-220. I was hit yesterday (25 Feb 2024).
I was running TNAS software 4.2.08 (moved to 4.2.40 after the fact).
The TNAS was running a PLEX server.
While I limited access only to internal network in the configuration I discovered later on that UPnP enabled forwarding port 5443, 8181, 9091 and 8800 in the router (why this?), so the TNAS was indeed exposed even though protected by strong passwords.
No trace of any attack/strange connections from the router logs.
Hope that TOS 5 will be better protected (any info?).
If somebody has any clues on way to decrypt I am ready to try before nuking it and restart from scratch.
4.2.08 is a very outdated version in 4.x, for security reasons, it is recommended to keep your system up to date.
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 02 Mar 2024, 01:07
by Qwok
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 12 Apr 2024, 12:33
by cdelicath
I got hit by this last night. Is there a fix for this? Or are my files gone for good?
Pretty disappointing.
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 17 Apr 2024, 19:12
by dede196
My F2-F220 was also infected with ransomware with LVT extension.
I was consulting with a support person about ORICO 3.5 inch HDD case 5 bay mount being unstable.
I was attacked while replacing the TOS with an older version and a newer version as advised.
I think Terra Master has been aware of this problem since 2022.
It seems that owners of older types of NAS were not advised to be careful.
I'm really shocked.
Both F2-F220 and ORICO DS500U3 5 bay are no longer valid.
■Ransomware damage reported on TerraMaster NAS. Call to apply the latest updates
https://pc.watch.impress.co.jp/docs/news/1379713.html
※The text was created using Google Translate.
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 27 Apr 2024, 07:40
by JackFrost
My Tnas was attacket too, through tnas online.
I contacted TerraMaster technical assistance, the only thing they tried to do was to sell new products. It seems TerraMaster knows this issue from 2022, and they did nothing about it.
(by the way, I will NEVER buy again a TerraMaster product)
I sent the 0.01 bitcoin and received back an .exe that is not decrypting the data.
Do not send the 0.01 bitcoin, you will be scammed.
Message me if you want the .exe
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 27 Apr 2024, 08:43
by dede196
I searched using Chrome browser translation.
Programmer posted on X, good idea.
English analysis.
https://twitter.com/malwrhunterteam/sta ... 1636425201
https://raw.githubusercontent.com/stamp ... omware.txt
More this is a Chinese site with analysis and explanations.
https://zhuanlan.zhihu.com/p/685771808
https://bbs.360.cn/thread-16120282-1-1.html
By the way, Terra Master didn't think of any measures.
Hackers may be well aware of the vulnerabilities of devices and systems.
They're definitely being targeted.
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 24 May 2024, 00:45
by arnau97
Hello, could you send me the .exe please? talk me with private message
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 26 May 2024, 06:31
by ThatsNice
Hey, I just got hit with this on my F5-221 - do you still have that .exe? please send it my way - pm me please
Re: Tnas F4-210 got hit with Ransomware by *** By LVT LOCKER ***
Posted: 27 May 2024, 03:38
by JoeRavage
I just realized that ALL the files on my NAS were encrypted.
What I can do?