{L_BUTTON_AT}xmal99
System error, please try to reinstall the system.Urgent Notification about TNAS being Attacked by Ransomware
Re: Urgent Notification about TNAS being Attacked by Ransomware
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Re: Urgent Notification about TNAS being Attacked by Ransomware
xmal99 wrote:
> Hello!
> As a lot of People here, I've been attacked by deadbolt. I was lucky to see
> this and interrupt the encryption process before my photo had been
> modified. So only non essential doc have been encrypted.
> I used the process number 1 to restart my Nas: Backup config + reset
> factory.
> But I have the following problem I can't understand and correct. On every
> page, every popup, on the left screen with name/Net info and ressources
> info, even in the background of the main screen just up of the time &
> date, I have this message:
> Warning: syntax error, unexpected '=' in /etc/.default.sys on line 4 in
> /usr/www/include/class/func.class.php on line 491
>
> And in the control pannel / update and recovery, I can't do reset or
> recovery anymore. Here is a screen shot.
> By the way the nas is really online but the nas tell me offline since this
> problem. Perhaps it's only a config problem since reset for the offline
> trouble.
>
> Here is a screenshot very clear of my problem:
> https://postimg.cc/w1GYw1TW
>
> Thanx for your help!
Hello, what I recommend is to talk to the terra master online support, they will help you. Definitely.
> Hello!
> As a lot of People here, I've been attacked by deadbolt. I was lucky to see
> this and interrupt the encryption process before my photo had been
> modified. So only non essential doc have been encrypted.
> I used the process number 1 to restart my Nas: Backup config + reset
> factory.
> But I have the following problem I can't understand and correct. On every
> page, every popup, on the left screen with name/Net info and ressources
> info, even in the background of the main screen just up of the time &
> date, I have this message:
> Warning: syntax error, unexpected '=' in /etc/.default.sys on line 4 in
> /usr/www/include/class/func.class.php on line 491
>
> And in the control pannel / update and recovery, I can't do reset or
> recovery anymore. Here is a screen shot.
> By the way the nas is really online but the nas tell me offline since this
> problem. Perhaps it's only a config problem since reset for the offline
> trouble.
>
> Here is a screenshot very clear of my problem:
> https://postimg.cc/w1GYw1TW
>
> Thanx for your help!
Hello, what I recommend is to talk to the terra master online support, they will help you. Definitely.
Re: Urgent Notification about TNAS being Attacked by Ransomware
Today I received a very curious connection attack to a camera. hahaha The Anti-Scan Defender stopped it completely. LOL
here the test. the attack comes through a proxy. ha ha
IP Address-Already Blocked: ✔️ 64.227.112.120
Deny Host-Web Attack: 💥〰︎〰 http://64.227.112.120
Detecting Scanning Warning URL: ⛔
http://24.105.75.221:80/onvif/index
Reference.
Tip: Click a model to generate a URL for your camera
https://www.ispyconnect.com/camera/china
0000, 002hit, IPCAM P2P, Other FFMPEG
http:// videostream.asf?user=[USERNAME]&pwd=[PASSWORD]&resolution=64&rate=0
they want the user pass hahaha
Mi The Anti-Scan Defender paralyzes everything.
The Anti-Scan Defender
http://larry.serveftp.com/ayuda/
here the test. the attack comes through a proxy. ha ha
IP Address-Already Blocked: ✔️ 64.227.112.120
Deny Host-Web Attack: 💥〰︎〰 http://64.227.112.120
Detecting Scanning Warning URL: ⛔
http://24.105.75.221:80/onvif/index
Reference.
Tip: Click a model to generate a URL for your camera
https://www.ispyconnect.com/camera/china
0000, 002hit, IPCAM P2P, Other FFMPEG
http:// videostream.asf?user=[USERNAME]&pwd=[PASSWORD]&resolution=64&rate=0
they want the user pass hahaha
Mi The Anti-Scan Defender paralyzes everything.
The Anti-Scan Defender
http://larry.serveftp.com/ayuda/
- arch_edgoce7
- Posts: 1
- Joined: 06 Feb 2021, 17:15
Re: Urgent Notification about TNAS being Attacked by Ransomware
Hi All,
I'm not very techy person and I was hit by deadbolt encrypting 90% of around 4 tb of work related data, 10 years of work and 15 years of memories in form of videos and photos. Since I am not really IT person, I have not setup a good backup. The time I learned this, I just shut down my NAS, and not to connect it on internet again. I've been unemployed close to one year now due to pandemic and I don't have the fund to pay the ransom.
For those whose gone thru this ordeal, Can somebody shed me a light on this:
1. Is there a time limit given to decrypt the the deadbolted files ( say 24, 48 hours)?.
2. Is the 3d digit key unique for each case, or can be re-used by other users?
If so, have you found somebody generous enough to share the key they got , that might work for others
3. Has TNAS released yet a fix to decrypt the files bypassing the key
and a fix this to avoid it in the future ?
I am really begging anyone here generous who can help me decrypt my files as this is my only source of livelihood.
God bless your heart.
Edd
I'm not very techy person and I was hit by deadbolt encrypting 90% of around 4 tb of work related data, 10 years of work and 15 years of memories in form of videos and photos. Since I am not really IT person, I have not setup a good backup. The time I learned this, I just shut down my NAS, and not to connect it on internet again. I've been unemployed close to one year now due to pandemic and I don't have the fund to pay the ransom.
For those whose gone thru this ordeal, Can somebody shed me a light on this:
1. Is there a time limit given to decrypt the the deadbolted files ( say 24, 48 hours)?.
2. Is the 3d digit key unique for each case, or can be re-used by other users?
If so, have you found somebody generous enough to share the key they got , that might work for others
3. Has TNAS released yet a fix to decrypt the files bypassing the key
and a fix this to avoid it in the future ?
I am really begging anyone here generous who can help me decrypt my files as this is my only source of livelihood.
God bless your heart.
Edd
- Charlie_Croker
- Posts: 105
- Joined: 07 Oct 2020, 19:05
Re: Urgent Notification about TNAS being Attacked by Ransomware
arch_edgoce7 wrote:
>
Hi Edd,
I hope things start looking up for you soon. Hang in there, the tide goes out but it does come back in.
1. No there doesn't appear to be a time limit
2. Its probably unique for each NAS hit
3. No news of any fix from QNAP although there are people working on something watch this for more https://www.youtube.com/watch?v=REsWAfHiW6g
Charlie
>
Hi Edd,
I hope things start looking up for you soon. Hang in there, the tide goes out but it does come back in.
1. No there doesn't appear to be a time limit
2. Its probably unique for each NAS hit
3. No news of any fix from QNAP although there are people working on something watch this for more https://www.youtube.com/watch?v=REsWAfHiW6g
Charlie
Re: Urgent Notification about TNAS being Attacked by Ransomware
> God bless your heart.
> Edd
What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is not a scan, this is an attempt to infest my TNAS.
Here I leave the evidence.
QNAP
http://114.32.61.59:9119/cgi-bin/
Logo in my System. Anti Scan Defender
IP Address-Already Blocked: ✔️ 114.32.61.59
Deny Host-Web Attack: 💥〰︎〰 http://114-32-61-59.hinet-ip.hinet.net
attempt to enter to infest my TNAS.
Detecting Scanning Warning URL: ⛔
http://larry.serveftp.com/db/db-admin/index.php?lang=en
If you want to detect or protect your TNAS this is the page contact me on telegram. to help.
https://t.me/terramasters
> Edd
What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is not a scan, this is an attempt to infest my TNAS.
Here I leave the evidence.
QNAP
http://114.32.61.59:9119/cgi-bin/
Logo in my System. Anti Scan Defender
IP Address-Already Blocked: ✔️ 114.32.61.59
Deny Host-Web Attack: 💥〰︎〰 http://114-32-61-59.hinet-ip.hinet.net
attempt to enter to infest my TNAS.
Detecting Scanning Warning URL: ⛔
http://larry.serveftp.com/db/db-admin/index.php?lang=en
If you want to detect or protect your TNAS this is the page contact me on telegram. to help.
https://t.me/terramasters
- Charlie_Croker
- Posts: 105
- Joined: 07 Oct 2020, 19:05
Re: Urgent Notification about TNAS being Attacked by Ransomware
LaMosca wrote:
>
Update your QTS, thats an out of date build. Go to at least 4.5.4 or even better 5.0
>
Update your QTS, thats an out of date build. Go to at least 4.5.4 or even better 5.0
- Charlie_Croker
- Posts: 105
- Joined: 07 Oct 2020, 19:05
Re: Urgent Notification about TNAS being Attacked by Ransomware
LaMosca wrote:
> What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is
> not a scan, this is an attempt to infest my TNAS.
QTS 4.3.6 is over 3 years old, (28/03/2019) and you’re using 4.3.3!!! So thats even older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and more)…..
https://www.qnap.com/en-uk/download?mod ... y=firmware
> What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS. This is
> not a scan, this is an attempt to infest my TNAS.
QTS 4.3.6 is over 3 years old, (28/03/2019) and you’re using 4.3.3!!! So thats even older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and more)…..
https://www.qnap.com/en-uk/download?mod ... y=firmware
Re: Urgent Notification about TNAS being Attacked by Ransomware
Charlie_Croker wrote:
> LaMosca wrote:
>
> > What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS.
> This is
> > not a scan, this is an attempt to infest my TNAS.
>
> QTS 4.3.6 is over 3 years old, (28/03/2019) and you’re using 4.3.3!!! So thats even
> older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and
> more)…..
>
> https://www.qnap.com/en-uk/download?mod ... y=firmware
my answer.
no, I don't use that. I only said in the forum that there was an attack from that IP. QNAP
http://114.32.61.59:9119/cgi-bin/
and my system blocked it quickly.
IP Address-Already Blocked: ✔️ 114.32.61.59
> LaMosca wrote:
>
> > What I was suspecting. QNAP Turbo NAS QTS 4.3.3.1799 tries to infest my TNAS.
> This is
> > not a scan, this is an attempt to infest my TNAS.
>
> QTS 4.3.6 is over 3 years old, (28/03/2019) and you’re using 4.3.3!!! So thats even
> older. QNAP has been hit with numerous ransomware since then (Qlocker, Deadbolt and
> more)…..
>
> https://www.qnap.com/en-uk/download?mod ... y=firmware
my answer.
no, I don't use that. I only said in the forum that there was an attack from that IP. QNAP
http://114.32.61.59:9119/cgi-bin/
and my system blocked it quickly.
IP Address-Already Blocked: ✔️ 114.32.61.59
- Charlie_Croker
- Posts: 105
- Joined: 07 Oct 2020, 19:05
Re: Urgent Notification about TNAS being Attacked by Ransomware
So you're just posting to say that you blocked a QNAP that was trying to infect your system? Or did it just do a port scan?
In the last 3 days according to my IPS . I have had 18 "possible network Intrusion attempts" , numerous "ET Drop Dshields", 17 "ET Scans", 1x attempted information leak".
I use Unifi Security Gateway Pro, with a UDM Pro ready to be installed when I get the time. It has very good IPS. https://help.ui.com/hc/en-us/articles/3 ... y-Settings
In the last 3 days according to my IPS . I have had 18 "possible network Intrusion attempts" , numerous "ET Drop Dshields", 17 "ET Scans", 1x attempted information leak".
I use Unifi Security Gateway Pro, with a UDM Pro ready to be installed when I get the time. It has very good IPS. https://help.ui.com/hc/en-us/articles/3 ... y-Settings