Another backup solution is affected by ransomware


Deadbolt infected and encrypted Asustor discs.

Asustor NAS devices are the latest affected by Deadbolt ransomware.

Network-attached storage (NAS) drives from manufacturer Asustor are affected by the Deadbolt ransomware, several media outlets have reported. The same ransomware also infected Qnap’s NAS devices earlier this year.

These drives are often connected to the Internet so that you can reach your content from outside the home network, and software weaknesses then leave them open to attack.

Ransomware, also known as a cryptolocker, is a type of program that encrypts the contents of disks and demands money in exchange for a decryption code that restores the files.

“To my extreme horror and anxiety, I discovered that my NAS is exposed to Deadbolt,” one Tek reader wrote in an email Tuesday night.

In the case of Asustor, just like Qnap earlier this year, the attackers are demanding payment in bitcoin. The amount is 0.03 bitcoins, which is just over 10,000 kroner according to the value of bitcoins today.

Whether you can actually unlock files by paying is not yet known, and it may be worth waiting for the manufacturer to have time to look into it and possibly come up with a solution.

Asustor has not publicly commented on the attack, but it has posted a list of tips for affected users and for users who want to protect themselves from Deadbolt. The company writes first of all that the DDNS service will be turned off while the case is being investigated.


DDNS is a service that ensures that you always access a networked device through a web address, even if the IP address behind it has changed.

Affected customers are advised to unplug the Ethernet cable from the disk, turn it off by holding down the button for three seconds and fill out a form that the company has posted on its website. It states that the company’s technicians will contact you as soon as possible.

Customers who want to protect themselves from attacks are asked to change the ports in use, moving away from the standard ports 8000, 8001, 80 and 443. They should turn off the EZConnect service that normally provides access from anywhere in the world, back up immediately and turn off some services in the program.
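One way to confirm that the port change took effect, as an added example that is not from Asustor or the original article: a small Python check, run against your own NAS, that reports which of the standard ports listed above still accept TCP connections. The placeholder address and the function names are assumptions of this example.

```python
import socket
import sys

# Standard ports named in the article's mitigation advice.
DEFAULT_PORTS = (8000, 8001, 80, 443)


def port_is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable
        return False


def audit_default_ports(host, ports=DEFAULT_PORTS, timeout=1.0):
    """Map each port to True (still answering) or False (closed or filtered)."""
    return {port: port_is_open(host, port, timeout) for port in ports}


def still_on_defaults(results):
    """Sorted list of ports that still accept connections."""
    return sorted(port for port, is_open in results.items() if is_open)


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder (assumption); pass your NAS address.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    results = audit_default_ports(host)
    for port, is_open in results.items():
        state = "OPEN, move or disable this service" if is_open else "closed"
        print(f"{host}:{port} {state}")
    # Non-zero exit status lets a scheduled job flag a NAS still on defaults.
    if still_on_defaults(results):
        raise SystemExit(1)
```

Run from inside the home network, this only shows which ports the NAS itself listens on; whether they are reachable from the Internet also depends on the router's port forwarding, so repeat the check from an outside connection.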

On Reddit, several users gathered and tried to look at data from affected clients to find out where the vulnerabilities are in the system. The EZConnect service has been cited as the likely culprit, along with the Plex media player.

It is currently not clear whether all Asustor NAS models are vulnerable to the attack. At least the AS5304T, AS6404T, AS5104T and AS7004T models appear to have been confirmed as attacked.

Hanisi Anenih
