Re: Urgent Notification about TNAS being Attacked by Ransomware
Posted: 01 Mar 2022, 09:58
TimeKillr wrote:
> I was hit - it seems like the attack happened this morning (I woke up to my
> TNAS' fan being loud but I figured it was just doing some maintenance).
>
> From what I know, I had absolutely zero services enabled except Plex and
> SMB; I lost a ton of stuff, including a lot of work files.
>
> This is absurd - I'm not paying 0.03BTC to recover my files, and I kind of
> expect Terramaster to pay up this idiotic ransom, especially since even if
> I do pay, I have absolutely ZERO guarantees I won't be hit again.
>
> Deadbolt hit Terramaster earlier this month, and now they're hitting again;
> even if now I decide to say screw it and decrypt my NAS, what's to tell me
> that the vulnerability will be fixed? If Terramaster doesn't know what the
> vulnerability is, how can they be expected to patch it?
>
> I also don't know why I just learned of this - Terramaster has my
> registration information, and when the initial attack happened in January,
> why didn't they send a mass email to all their customers with steps to
> potentially secure themselves?
>
> My NAS is behind TWO routers, access to it is limited to my local network
> (I can't even log on to it externally!) and yet this happens.
>
> From what I see on this forum last time they said "It's your fault if
> it's not secure"; all the passwords I have on the device are randomly
> generated and secure, the attackers are providing a solution to Terramaster
> (it's a lot of money, granted!) but we're still being left in the dark?
>
> I'm really, REALLY disappointed.
1. When TM was hit in January it was by Echamonix (a different vulnerability, which TM patched).
2. When QNAP was hit in January by deadbolt, TM should have taken steps to check TM devices weren't vulnerable, they didnt, when Asustore was hit with deadbolt about 7 days ago, they should have again checked, seems they didnt.
3. I agree, TM should be actively warning users.
4. Why are you behind two routers? I'm confused as to the reasoning and why you would want to be "DoubleNATed"? Just because you can't log onto your NAS from outside the LAN, doesn't mean its not exposing ports.
5. If TM pay the ransom, the attacks will increase, as these criminal gangs will realise they are an easy target.
6. I have a QNAP (7 years) and a TM, ( 18 months) and a WD mycloud (A thousand years, or so it seems), I have never been hit by Ransomware (Well, not yet) , but I always change default ports and I have the best Router I can afford, definitely NOT the one provided by my ISP. (A router with Intrusion Protection System enabled, which monitors all traffic actively looking for attacks). I always make sure Upnp is OFF, as is FTP, SSH and Telnet.
7. I have to expose my NAS drives to the Net as I need access to them from where I work and they're in my home (3050 miles away) .
8. Its no consolation but QNAP keep getting hit, almost weekly or so it seems.
9. ALWAYS backup your data from the NAS, I use a 3-2-1 strategy. https://www.backblaze.com/blog/the-3-2- ... -strategy/
This guy posts some very good videos about securing your network https://www.youtube.com/c/NetworkChuck/videos
> I was hit - it seems like the attack happened this morning (I woke up to my
> TNAS' fan being loud but I figured it was just doing some maintenance).
>
> From what I know, I had absolutely zero services enabled except Plex and
> SMB; I lost a ton of stuff, including a lot of work files.
>
> This is absurd - I'm not paying 0.03BTC to recover my files, and I kind of
> expect Terramaster to pay up this idiotic ransom, especially since even if
> I do pay, I have absolutely ZERO guarantees I won't be hit again.
>
> Deadbolt hit Terramaster earlier this month, and now they're hitting again;
> even if now I decide to say screw it and decrypt my NAS, what's to tell me
> that the vulnerability will be fixed? If Terramaster doesn't know what the
> vulnerability is, how can they be expected to patch it?
>
> I also don't know why I just learned of this - Terramaster has my
> registration information, and when the initial attack happened in January,
> why didn't they send a mass email to all their customers with steps to
> potentially secure themselves?
>
> My NAS is behind TWO routers, access to it is limited to my local network
> (I can't even log on to it externally!) and yet this happens.
>
> From what I see on this forum last time they said "It's your fault if
> it's not secure"; all the passwords I have on the device are randomly
> generated and secure, the attackers are providing a solution to Terramaster
> (it's a lot of money, granted!) but we're still being left in the dark?
>
> I'm really, REALLY disappointed.
1. When TM was hit in January it was by Echamonix (a different vulnerability, which TM patched).
2. When QNAP was hit in January by deadbolt, TM should have taken steps to check TM devices weren't vulnerable, they didnt, when Asustore was hit with deadbolt about 7 days ago, they should have again checked, seems they didnt.
3. I agree, TM should be actively warning users.
4. Why are you behind two routers? I'm confused as to the reasoning and why you would want to be "DoubleNATed"? Just because you can't log onto your NAS from outside the LAN, doesn't mean its not exposing ports.
5. If TM pay the ransom, the attacks will increase, as these criminal gangs will realise they are an easy target.
6. I have a QNAP (7 years) and a TM, ( 18 months) and a WD mycloud (A thousand years, or so it seems), I have never been hit by Ransomware (Well, not yet) , but I always change default ports and I have the best Router I can afford, definitely NOT the one provided by my ISP. (A router with Intrusion Protection System enabled, which monitors all traffic actively looking for attacks). I always make sure Upnp is OFF, as is FTP, SSH and Telnet.
7. I have to expose my NAS drives to the Net as I need access to them from where I work and they're in my home (3050 miles away) .
8. Its no consolation but QNAP keep getting hit, almost weekly or so it seems.
9. ALWAYS backup your data from the NAS, I use a 3-2-1 strategy. https://www.backblaze.com/blog/the-3-2- ... -strategy/
This guy posts some very good videos about securing your network https://www.youtube.com/c/NetworkChuck/videos