Here is a worrying piece of news to see first thing in the morning, Asustor network attached storage (NAS) units are currently the target of ransomware attacks.
Following reports from Asustor customers on Reddit that they were being hit by ransomware attacks on their NAS, the company investigated and found the reports held water. The ransomware being used is Deadbolt.
This ransomware previously targeted QNAP NAS setups in January and demanded a ransom of 50 Bitcoin. This time around the ransom is lower at 0.03 Bitcoin, but paying up is something you shouldn’t do as it simply showcases to the attackers that their ploy works.
To mitigate potential damage caused by the ransomware, Asustor has disabled its myasustor.com DDNS service but also recommends users do the following to protect themselves:
- Change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443.
- Disable EZ Connect.
- Make an immediate backup.
- Turn off Terminal/SSH and SFTP services.
Asustor also points to what is best described as a crash course in ransomware protection here as another way users can protect themselves.
Should your NAS already be infected with Deadbolt, Asustor advises unplugging the ethernet cable from the device, shutting it down by holding the power button for three seconds and then waiting.
The firm says that you should not initialise the NAS as this may wipe your data. Unfortunately though, unless you pay or have a backup, your data is more than likely lost.
To be safe backup your data and follow Asustor’s advice above.
