How to check if your TNAS is attacked by the Deadbolt ransomware?
Posted: 07 Mar 2022, 19:46
How to check if your TNAS is attacked by the Deadbolt ransomware?
Method 1:
Enter the TNAS IP in the browser address bar. If the following page appears on the login interface, it means that your TNAS has been attacked by the Deadbolt ransomware.
Method 2:
1. Log in to the SSH terminal
2. Execute the command to check if there are files with the word "Dead".
3. Execute the command to check if there are files with the word "dead-tool、pty10、qnx".
After executing the command, if you see a file with the words "Dead, dead-tool, pty10, qnx", it indicate that your TNAS has been attacked by Deadbolt ransomware. Please refer to the guide to remove the virus.
Method 1:
Enter the TNAS IP in the browser address bar. If the following page appears on the login interface, it means that your TNAS has been attacked by the Deadbolt ransomware.
Method 2:
1. Log in to the SSH terminal
2. Execute the command to check if there are files with the word "Dead".
Code: Select all
ls -lh /usr/bin/dead-tool
Code: Select all
cat /etc/crontabs/root
After executing the command, if you see a file with the words "Dead, dead-tool, pty10, qnx", it indicate that your TNAS has been attacked by Deadbolt ransomware. Please refer to the guide to remove the virus.