Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 13 Jan 2022, 20:06
by REBELinBLUE
TMSupport wrote:
> REBELinBLUE wrote:
> > I tried to add a "Reject" rule for all IPs afterwards and I just
> > get a generic "configuration failed" message so it's not entirely
> > clear.
> >
> > It would be nice if someone from terra master would confirm
>
> Hi! When adding a "Reject" rule, you can't deny all IPs, because
> then the device you are accessing the nas will be banned, which is the
> reason for the "configuration failed".

Yeah, although normally I would expect the more specific allow to apply, i.e. reject all then allow this range... but yeah, since allowing a specific range allows just that range, it does the same thing; it's just not very clear from the UI.

thanks

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 13 Jan 2022, 21:36
by Jac de Lad
@TMSupport: Thanks for the answer. As I wrote, my Synology was also under attack. However, the admin-account-problem has been there for a long time. You cannot expect us to set up the NAS completely new. I expected a solution which is performable by people who updated their firmware.

I don't blame you or anyone from Terramaster for the attacks. I just wished to get clearer information on how I can protect myself. "Disabling admin account" is not possible for people who upgraded from earlier firmwares, so I see this as a big problem.

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 13 Jan 2022, 21:56
by TMroy
Sorry for not making this topic clear.
To disable the admin account, you need to be a new user with a new TOS installation from 4.2.09 or later versions. For all users with TOS versions installed before 4.2.09, or updated to a later version, it is not possible to disable the default admin account; you need to re-install a new TOS later than 4.2.09.

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 13 Jan 2022, 23:07
by powerQ
Just found some free ransomware decryption tools from the Synology community, not sure if this can be helpful.
https://www.emsisoft.com/ransomware-decryption-tools/

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 13 Jan 2022, 23:36
by uberunit
@powerQ introduces a useful point - there is and will be software developed by the industry (e.g. Emsisoft above) and by users (e.g. BloodyDoll v1.0.6) which aims to decrypt files targeted by ransomware attacks. In BloodyDoll's case, this software has been seen as more effective at decrypting the files than the software provided after paying the ransom (as read in this exhaustive forum thread: https://www.bleepingcomputer.com/forums ... port-topic ).

These programs will very likely not work right now as the attacks are so recent, however I am personally keeping copies of the few important files which I lost to encryption along with a copy of the ransomware note (as this holds a unique key) in case knowledge on the encryption catches up in the future.

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 14 Jan 2022, 07:44
by Roccia7
TMroy wrote:
> Sorry for not making this topic clear.
> To disable the admin account, you need to be a new user with a new tos
> installation from 4.2.09 or later versions. For all users with tos versions
> installed before 4.2.09 or update to a later version is not possible to
> disable the default admin account, you need to re-install a new tos later
> than 4.2.09.

I have a version older than 4.x, but since version 5 is coming out soon, I would like to reinstall the operating system once and reconfigure everything once. Given the situation, is it possible to know more or less when TOS 5 will be released?

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 14 Jan 2022, 13:49
by luckykenny
TMroy wrote:
> Sorry for not making this topic clear.
> To disable the admin account, you need to be a new user with a new tos
> installation from 4.2.09 or later versions. For all users with tos versions
> installed before 4.2.09 or update to a later version is not possible to
> disable the default admin account, you need to re-install a new tos later
> than 4.2.09.

How can I install the new 4.2.09 if I can not log in with "Admin"?

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 14 Jan 2022, 17:44
by TMSupport
@luckykenny
Hi! You can refer to the article to reinstall the TOS. You need to set a new administrator account during initialization.

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 15 Jan 2022, 05:30
by NavinKanus
I absolutely think that TM could have avoided this situation when they have already learnt in 2019 that QNAP was attacked with the same Ransomware.

Why haven't TM:
1. Sent their customers emails about such an attack and warned them of the potential attack.
2. Shown a popup on the TM login screen to inform about the potential attack on TM NAS devices based on the QNAP attack.
3. Updated the vulnerability in TM NAS devices with a new TOS version.

I do also see that Ver 5.0 is about to release. Did TM fix this vulnerability in this 5.0 TOS version?

I also do not believe that attackers have gained access because of our passwords; it was solely due to a vulnerability in TOS OS that lets an attacker use the root account to do anything they want. And I suspect that TM developers never understood the potential of someone stealing the information and causing such pain to the customers. My password is never saved anywhere, and it is so complex that nobody could brute force the password, unless they were running an algorithm for a decade.

Re: Urgent Notification about TNAS being Attacked by Ransomware

Posted: 15 Jan 2022, 10:43
by Charlie_Croker
NavinKanus wrote:
>
They can hack the CIA, do you really think TM, QNAP or Synology can stop them? All the NAS manufacturers are being attacked and there are zero day vulnerabilities in everything that runs software. I do agree that a more prominent warning should be posted, but QNAP haven't done anything either. Look at Log4j. There's a really good article here about linked at the bottom of this post.

While you may have a complex password, a simple privilege escalation, or managing to cause a stack overflow and/or run arbitrary code, and your password is useless. Most people use the stock ISP router, which rarely if ever gets a firmware update, and install cheap-as-chips smart bulbs or CCTV cameras. Security is multi layered and starts at the router. For example the earlier

What I do think TM should implement is 2FA and a physical login key. I use these to improve security and while again, they aren't 1000% proof, they help to reduce risk. https://www.pcmag.com/how-to/protect-yo ... curity-key

Links to Zero days
https://threatpost.com/ech0raix-ransomw ... es/168516/