Page 31 of 34

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 10 Mar 2022, 18:56
by LaMosca
xmal99 wrote:
> Hello!
> As a lot of People here, I've been attacked by deadbolt. I was lucky to see
> this and interrupt the encryption process before my photo had been
> modified. So only non essential doc have been encrypted.
> I used the process number 1 to restart my Nas: Backup config + reset
> factory.
> But I have the following problem I can't understand and correct. On every
> page, every popup, on the left screen with name/Net info and ressources
> info, even in the background of the main screen just up of the time &
> date, I have this message:
> Warning: syntax error, unexpected '=' in /etc/.default.sys on line 4 in
> /usr/www/include/class/func.class.php on line 491
>
> And in the control pannel / update and recovery, I can't do reset or
> recovery anymore. Here is a screen shot.
> By the way the nas is really online but the nas tell me offline since this
> problem. Perhaps it's only a config problem since reset for the offline
> trouble.
>
> Here is a screenshot very clear of my problem:
> https://postimg.cc/w1GYw1TW
>
> Thanx for your help!

Hello, what I recommend is to talk to the terra master online support, they will help you. Definitely.

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 10 Mar 2022, 22:08
by LaMosca
Today I received a very curious connection attack to a camera. hahaha The Anti-Scan Defender stopped it completely. LOL

here the test. the attack comes through a proxy. ha ha

IP Address-Already Blocked: ✔️ 64.227.112.120

Deny Host-Web Attack: 💥〰︎〰 http://64.227.112.120

Detecting Scanning Warning URL: ⛔

http://24.105.75.221:80/onvif/index

Reference.
Tip: Click a model to generate a URL for your camera

https://www.ispyconnect.com/camera/china

0000, 002hit, IPCAM P2P, Other FFMPEG

http:// videostream.asf?user=[USERNAME]&pwd=[PASSWORD]&resolution=64&rate=0

they want the user pass hahaha

Mi The Anti-Scan Defender paralyzes everything.

The Anti-Scan Defender
http://larry.serveftp.com/ayuda/

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 00:22
by arch_edgoce7
Hi All,
I'm not very techy person and I was hit by deadbolt encrypting 90% of around 4 tb of work related data, 10 years of work and 15 years of memories in form of videos and photos. Since I am not really IT person, I have not setup a good backup. The time I learned this, I just shut down my NAS, and not to connect it on internet again. I've been unemployed close to one year now due to pandemic and I don't have the fund to pay the ransom.

For those whose gone thru this ordeal, Can somebody shed me a light on this:

1. Is there a time limit given to decrypt the the deadbolted files ( say 24, 48 hours)?.
2. Is the 3d digit key unique for each case, or can be re-used by other users?
If so, have you found somebody generous enough to share the key they got , that might work for others
3. Has TNAS released yet a fix to decrypt the files bypassing the key
and a fix this to avoid it in the future ?

I am really begging anyone here generous who can help me decrypt my files as this is my only source of livelihood.

God bless your heart.
Edd

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 00:37
by Charlie_Croker
arch_edgoce7 wrote:
>
Hi Edd,

I hope things start looking up for you soon. Hang in there, the tide goes out but it does come back in.
1. No there doesn't appear to be a time limit
2. Its probably unique for each NAS hit
3. No news of any fix from QNAP although there are people working on something watch this for more https://www.youtube.com/watch?v=REsWAfHiW6g

Charlie

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 01:45
by LaMosca
> God bless your heart.
> Edd


What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is not a scan, this is an attempt to infest my TNAS.

Here I leave the evidence.
QNAP
http://114.32.61.59:9119/cgi-bin/

Logo in my System. Anti Scan Defender

IP Address-Already Blocked: ✔️ 114.32.61.59

Deny Host-Web Attack: 💥〰︎〰 http://114-32-61-59.hinet-ip.hinet.net

attempt to enter to infest my TNAS.
Detecting Scanning Warning URL: ⛔
http://larry.serveftp.com/db/db-admin/index.php?lang=en

If you want to detect or protect your TNAS this is the page contact me on telegram. to help.
https://t.me/terramasters

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 04:16
by Charlie_Croker
LaMosca wrote:
>
Update your QTS, thats an out of date build. Go to at least 4.5.4 or even better 5.0

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 04:23
by Charlie_Croker
LaMosca wrote:

> What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is
> not a scan, this is an attempt to infest my TNAS.

QTS 4.3.6 is over 3 years old, (28/03/2019) and you’re using 4.3.3!!! So thats even older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and more)…..

https://www.qnap.com/en-uk/download?mod ... y=firmware

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 05:50
by LaMosca
Charlie_Croker wrote:
> LaMosca wrote:
>
> > What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS.
> This is
> > not a scan, this is an attempt to infest my TNAS.
>
> QTS 4.3.6 is over 3 years old, (28/03/2019) and you’re using 4.3.3!!! So thats even
> older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and
> more)…..
>
> https://www.qnap.com/en-uk/download?mod ... y=firmware

my answer.

no, I don't use that. I only said in the forum that there was an attack from that IP. QNAP
http://114.32.61.59:9119/cgi-bin/

and my system blocked it quickly.
IP Address-Already Blocked: ✔️ 114.32.61.59

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 06:10
by Charlie_Croker
So you're just posting to say that you blocked a QNAP that was trying to infect your system? Or did it just do a port scan?

In the last 3 days according to my IPS . I have had 18 "possible network Intrusion attempts" , numerous "ET Drop Dshields", 17 "ET Scans", 1x attempted information leak".

I use Unifi Security Gateway Pro, with a UDM Pro ready to be installed when I get the time. It has very good IPS. https://help.ui.com/hc/en-us/articles/3 ... y-Settings

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 11 Mar 2022, 06:31
by LaMosca
Charlie_Croker wrote:
> So you're just posting to say that you blocked a QNAP that was trying to
> infect your system? Or did it just do a port scan?
>
> In the last 3 days according to my IPS . I have had 18 "possible
> network Intrusion attempts" , numerous "ET Drop Dshields",
> 17 "ET Scans", 1x attempted information leak".
>
> I use Unifi Security Gateway Pro, with a UDM Pro ready to be installed when
> I get the time. It has very good IPS.
> https://help.ui.com/hc/en-us/articles/3 ... y-Settings

if I know UniFi.
https://help.ui.com/hc/en-us/articles/3 ... y-Settings
very well. it's just that my system is not dependent on any software or platform.

it is totally independent. and so far without failure.
and anyone who needs it can use it. It can also forward traffic to my system to block intruders. t a few days later you can pick up the block list. which is already big by the way.