Method 1:
Enter the TNAS IP in the browser address bar. If the following page appears on the login interface, it means that your TNAS has been attacked by the Deadbolt ransomware.
Method 2:
1. Log in to the SSH terminal
2. Execute the command to check if there are files with the word "Dead".
Code: Select all
ls -lh /usr/bin/dead-tool
Code: Select all
cat /etc/crontabs/root
After executing the command, if you see a file with the words "Dead, dead-tool, pty10, qnx", it indicate that your TNAS has been attacked by Deadbolt ransomware. Please refer to the guide to remove the virus.