Asustor NAS Deadbolt Ransomware - What Happened, How it Works, Workarounds, Security & Resolution?

  • Published 28 Jul 2024
  • Asustor NAS Drives Getting Hit By Deadbolt Ransomware - nascompares.com/2022/02/21/as...
    Video Chapters
    00:00 - The Start (duh!)
    00:20 - The Asustor Deadbolt Ransomware Attack, What is it and When it Started?
    01:20 - How Deadbolt Encryption was executed on Asustor NAS Drives?
    02:35 - Users Being Met with the Deadbolt Black Warning Screen
    03:15 - Users Who Avoided/worked Around the Deadbolt Screen and Accessing Storage Pools (still Encrypted)
    04:00 - Why the Deadbolt Splash Screen is there and delay tactics
    05:05 - WHY your Asustor NAS Drive is showing as Uninitialized Right Now
    06:30 - How to Power Down Your Asustor NAS Safely and the Asustor Statement
    09:35 - Resources on How to SSH to Kill the Splash Screen and using SSH to Kill the Deadbolt Process
    15:20 - Guide to If you HAVEN'T been hit by Deadbolt but want to Secure your Asustor NAS Right Now
    20:00 - Changing your Default Ports (HTTP/HTTPS)
    22:05 - If your Asustor NAS is showing as Uninitialized, What you Can Do (plus what might eventually be possible)
    26:40 - An Example of Data Recovery from Ransomware Encryption using PhotoRec and External Storage
    29:55 - Recommendations for What to do with your Encrypted Data for now
    30:10 - Possible Solution #2, Using a Linux VM with the linked Guide
    31:30 - Backups and What Constitutes an actual BACKUP
    Asustor Support Form - docs.google.com/forms/d/e/1FA...
    RAID 1 Recovery Option - thearchitect.wordpress.com/20...
    QNAP QRescue Guide for reference - www.qnap.com/en/how-to/tutori...
    NASCompares Free Advice Area - nascompares.com/contact-us/
    Vulnerabilities And Exploits On Synology & QNAP NAS - Stay Updated! - nascompares.com/2021/05/26/vu...
    This description contains links to Amazon. These links will take you to some of the products mentioned in today's video. As an Amazon Associate, I earn from qualifying purchases.
    Thanks for watching. Do you still need help? Use the NASCompares Free Advice section above. It is my free, unbiased community support system that allows you to ask me questions about your ideal setup. It is NOT a sales platform, NOT a way to push hardware you don’t need and, although it is just manned by me and might take a day or two for me to reply, I will help you any way I can. Below are some more popular guides.
    NAS Buyers Guide - Get It RIGHT First Time - nascompares.com/2021/01/01/na...
    Synology DSM 7 Review - ALL PARTS - nascompares.com/synology-dsm-...
    Synology DSM 6.2 vs DSM 7.0 - • Synology DSM 7 0 vs DS...
    Synology DSM or QNAP QTS in 2021/2022, Part I - nascompares.com/synology-vs-q...
    Synology DSM or QNAP QTS in 2021/2022, Part II - nascompares.com/synology-vs-q...
    Synology DSM or QNAP QTS in 2021/2022, Part III - nascompares.com/synology-vs-q...
    Mesh Routers VS Powerline Adapters And Wi-Fi Extenders - Buyers Guide 2021 - nascompares.com/2021/03/08/me...
    Synology NAS Unofficial Memory Upgrade Guide - nascompares.com/2020/04/06/sy...
    How To Switch From Google Photos And Drive To Synology NAS - A Step By Step Guide - nascompares.com/2021/01/17/ho...
    Amazon NAS Solutions - amzn.to/37oX47P
    Or follow and speak with Robbie directly on his Twitter - / robbieonthetube
    Still not enough? Then why not visit and subscribe to our blog? Updated regularly, it gives you a far wordier version than the NASCompares YouTube, as well as providing you with hints and tips on how to make the most of your hardware, here: www.NASCompares.com
    Don't forget to visit them on Facebook to enter prize draws, giveaways and competitions, as well as hear about the latest news, NAS releases & offers - / nascompares
  • Science & Technology

COMMENTS • 177

  • @nascompares 2 years ago +24

    Apologies for the slightly rushed nature of this video. The Deadbolt ransomware attack on Asustor NAS systems largely kicked off yesterday afternoon and I have been pretty much non-stop on this since then (pulling an all-nighter like the old days!) and assisting a bunch of users, as well as finding out as much as I can and being as noisy as possible to alert any users left who might be targeted. As the video suggests, I will be updating the article on this as more info arrives and if a workable solution appears (I have a deadbolt affected Asustor arriving with me later in the week), I will make a video on this. Otherwise, night night everyone, I am bloody shattered! #Ihateseagulls

    • @frequenttravelers 2 years ago

      If you had set up the Android or iOS apps, you could afterwards enable/disable all the services.. that's what saved me.

    • @michaellamb8288 2 years ago

      Thank you for the video, very helpful. Not sure if I have done the right thing but managed to get some of my uninfected files off the drive by using a Linux reader program and hooking up one of the drives to an external caddy and linking to PC. Some of my photos are infected and changing the file name does not work; they are encrypted also.

    • @CoreyMinter 2 years ago

      "seagulls (stop it now)" ua-cam.com/video/U9t-slLl30E/v-deo.html

    • @NonyaDamnbusiness 2 years ago

      I'm running my Lockerstor4 in paranoid mode on the older 3.5 firmware and never got hit. Never enabled ez-connect either as I didn't trust it, and I never use any of the ASUS apps, preferring to hand-roll my own docker containers via a hand-installed Portainer-CE installation. I had disabled the admin and guest accounts the day I set mine up as well as changed the default ports on it. It sits behind a custom hardware firewall as well.

  • @johnthedevil 2 years ago +4

    Came across this video whilst reading up on the attack. I have an Asustor, not sure yet if it's been affected, as I only accessed it remotely via Android login from work to shut it down. I will be checking it later using these tips and wanted to thank you in advance for your efforts. Hoping all data is OK, and if it is I will be changing all the ports and following your suggestions - Hope everyone else is OK too! Good luck everyone

  • @thethirdman225 11 months ago

    Jeez, I’m glad I found this channel. So much good info.

  • @Sudds1888 2 years ago

    Only I got notified of your upload I’d never have known, thanks lad.
    I haven’t been affected, it’s now shut down.

  • @brookejohnson6974 2 years ago

    Everything you said is spot on. Especially the uninitialized issue.

  • @johnthedevil 2 years ago +2

    For those who want to know, there is a bit of an update on the "stuck on un-initialised" screen - New ADM version can actually bypass now for some users so you can access ADM and start to see how many files have been encrypted by deadbolt. Hope like me, many got off lightly (only volume 1 affected, but my drives were single volumes not in RAID)

  • @damirsencar3038 2 years ago +1

    I am on QNAP, but this is very useful

  • @SocialWorkProfessor 2 years ago +3

    Yikes. I feel a bit freaked out and I don't even have an Asustor. Good luck to everyone!

  • @MrMendykahan 2 years ago

    Hi, I followed the advice to clear the virus. However, changing the files to remove the .deadbolt is not working.

  • @ajdayton101 2 years ago

    I had accidentally knocked the power off of my NAS before the attack. I plugged it back in when I figured it out. Went 2 days before I logged in only to see the splash screen. I was able to get to the main screen and shut it down from my office. Still seems like I lost my data.

  • @reubenpilli6549 2 years ago

    I got hit with this Deadbolt Ransomware a few days ago. On 24th morning, my internet was down. When the internet came up, I logged on to my laptop and tried to access the ASUSTOR NAS (AS1002T) - I had earlier mapped different volumes on the NAS to different drive letters on the laptop. When I clicked on a mapped drive, I could not access it. Control Centre did not display the device. I thought it has something to do with the internet going down, so I powered down the NAS (may have pressed the button longer than 3 secs). After that the Control Centre displayed the device but with the "Uninitialized" status.
    A few questions:
    1. If I do as the ASUSTOR support suggests and update the ADM, and bypass the "Uninitialized" status, will the ransomware encryption (that had stopped earlier because of shutdown), start up again? Do I have to do something to stop that?
    2. Will I see the Black screen message after the ADM is updated? If so how to bypass that and access the different volumes to check the status of the files?
    3. At any stage after the ADM update, if I decide that I need to pay the ransom in order to recover my data, is it possible? Or, the update will do away with that avenue?
    4. Once I am able to see my files, do I need to immediately copy them to another disk drive (external drive attached to my laptop)? If I delay that copy for a few days, will the situation get worse? If so, I need to buy an external drive before I attempt to update the ADM. BTW. I have photos and videos of the past 25 years on the NAS, and I do not have a backup of the data for last 3 years, and therefore recovery of as much data as possible, of the last 3 years, is important to me.
    5. If I decide to pay the ransom, how do I pay in Bitcoin? I have never dealt in bitcoins before. BTW. I live in Canada.
    Can the good folks who are knowledgeable on this issue be kind enough to provide some answers, please?

  • @ricki-bobby 2 years ago +2

    When I got my AS6510T I turned on all those services just because I wanted to see if there were security issues with them enabled. I had not transferred any data to the NAS yet so there was no data risk. I monitored the logs and within a few days I was getting attempted access from most of the countries where attacks originate like China, North Korea, Russia... etc. I shut down all remote access services and I have not seen a single access attempt since. I think Asustor needs to reassess their security model

  • @Ultrajamz 2 years ago +2

    Anything major targeting Synology or do they seem any safer?

  • @reubenpilli6549 2 years ago

    I have ASUSTOR NAS AS1002T which has been hit with Deadbolt. But I have never seen or used AppCentral or Plex Server. Are these only valid for newer models of ASUSTOR NAS?

  • @rickk6595 2 years ago

    Will the Asustor hardware run any different Linux OSs? If I just want to build a NAS device can't I do that with a server version of a different Linux OS? Most of them have some kind of GUI. Just a thought.

  • @nobodyfromnowher 2 years ago

    Does it affect the NAS only, or somehow the PC too? Will the problem be solved if I use some Linux distro instead of the official OS? Or is it more of a hardware problem?

  • @justRICHTOFEN 2 years ago +9

    I agree with the other comments, I'd like to see a video on securing a Synology NAS. I figure some of these steps would work for Synology. I just wanna keep my home NAS secure.

    • @leexgx 2 years ago

      By default Synology does not poke holes in your router unless you set it up to allow it (have to go out of your way to do it)
      with QNAP/Asustor I believe it's basically a UPnP on and off setting in settings (too easy to enable, or might have been enabled by default in the past for QNAP)

  • @DS-pk4eh 2 years ago

    I have my 4 drives that are in RAID5 connected to an Ubuntu based PC. The volume mounted itself, there was nothing to be done.
    As I feared, most of my files have been encrypted (about 80%). The worst is, the most important are in that category.
    Anyone has any clue how this could be encrypted?

  • @salvamipc 2 years ago

    Has Synology also been affected? I see Asustor, QNAP, TerraMaster, but not Synology or TrueNAS; TrueNAS I get, since you don't use their dedicated cloud, but Synology? Does this mean that Synology is more secure, or others less?

  • @lauriewhite9608 2 years ago

    Rather than spending a long time trying to retrieve data and risk my NAS being connected to my laptop, I'd prefer to just wipe clean the two drives in my AS6302T NAS and lose the data permanently. Can this be done and the NAS setup anew with clean disks as if they had just been installed? I have a Raspberry Pi with a Linux OS set up on the network as an Apple Airprinter server. Could this be used with a disk caddy connected by USB cable to wipe the disks?

  • @yganator 2 years ago

    I would love to see a Synology version of this video

  • @luissinsin 1 year ago

    Any solution for the "Uninitialized" situation? I've updated the firmware on my NAS, so it's not encrypting files anymore, but I still have the "Uninitialized" status. If I initialize the drive, it will erase all data. It's amazing how little information ASUSTOR has on this attack.

  • @jumpinwired1 2 years ago +1

    I have a Synology but would this affect a backup on an external drive plugged into the NAS? Assuming that this same type of attack might be implemented on Synology NAS systems.
    I'm going to be setting up a backup on my Synology with an external drive so I'm curious if that would be a version of backup that you are talking about to help recover your data in this case?

    • @kempshott 2 years ago +1

      Good question. But I find Hyper Backup to an external USB3 caddy is so slow you'd have plenty of time to unplug it before ransomware could do much encrypting of the backup files.

  • @MortenKrarupNielsen 2 years ago +1

    Thanks for the video! Maybe I was saved by using an OPNsense router that doesn't have UPnP

  • @JBoy340a 2 years ago +14

    Can you make a similar video for Synology users focused on preventing this sort of attack?

    • @DJaquithFL 2 years ago +3

      Yeah, don't connect it or any NAS to the internet and look into using VLANs.

    • @michaelflamingsword3131 2 years ago

      @@DJaquithFL I don't understand VLANs, what advantage do they have other than just splitting up your "departments or users"?

    • @DJaquithFL 2 years ago

      @@michaelflamingsword3131 .. Again the money example, do you want someone in shipping and handling to access your payroll, retirement or benefits and divert it to themselves? Most of these videos for prosumer and home users is to split your network into parts where IOTs are separate from access to your PC and the documents on it including NAS etc. The biggest threat on your network is anything that can communicate to the internet. Example your old outdated TV, DVD player, streaming device, camera or you name it that are no longer receiving security patches and updates or in general have major flaws .. opening up the gates to all of your data and other information connected to your home network.

  • @WesleyIsak 2 years ago +1

    How do I know what file system I’m using? Is it ext4 or btrfs? I don’t know

  • @beckyp867 2 years ago +1

    Has Asustor come up with a PhotoRec solution like QNAP did yet? Are they even working on that? I have been checking their web site but haven't even seen mention of this. :/

    • @heltunikt 2 years ago

      I was wondering the same thing. Personally, I wouldn't hold my breath.
      It's now been 2 months and from what I can tell Asustor haven't really shared any more useful updates or insights. In all their communications it seems that their stance is: "Make sure you have other backups of your data. We'll help you, but only by telling you how to wipe your NAS clean. Everything else is on you."
      No apologies, no taking responsibility, no transparency around the details of what caused the issue, no information on how they're ensuring that the exact same thing won't happen again 12 months down the track.

  • @goldfish-the-great 2 years ago +1

    Is there risk of contagion if I remove the drives, attach them to an external enclosure, then try to view them on my PC? Or is this an Asustor-hardware-only ransomware?

    • @olasolving7984 2 years ago

      I wonder the same thing.

    • @jodajackson4489 2 years ago

      A HDD that is part of a RAID array typically won’t be accessible as an individual drive regardless of platform. The exception to this might be RAID 1. There are also file system differences that Windows may not be able to deal with. If all drives of the RAID array are installed on a PC running Linux Then they should be mountable with some simple commands. This should be done in a virtual machine to be on the safe side.

  • @michaelkiddle3149 2 years ago +8

    Always backup your data separate from your NAS
    You can never be too careful

    • @davidpeters7447 2 years ago

      I learned the hard way many years ago having a hard drive crash and couldn't be recovered via an outside vendor. I had tons of work models that I built which I lost. Definitely found out that developing a backup strategy after the fact does not work.

    • @Un1234l 2 years ago

      Jesus Christ, thank fuck I have a backup. But my backup isn't super up to date and I'm missing very important 400 MB of data.
      Yes, not that much size wise, but still irreplaceable.

    • @feplazag 2 years ago

      Totally agree, and a third backup offline too

    • @thethirdman225 11 months ago

      Backup, backup, backup…

  • @MeneGR 2 years ago

    I think that a good idea would be that all the files on the NAS are read-only (maybe with some exceptions for logging etc) and if for any reason the device needs to change them, there could be an option to ask you to authorize it.

    • @davidpeters7447 2 years ago

      A better option would be to encrypt everything.

  • @TeufelHund 2 years ago

    How does one get affected in the first place? Is it a user clicking or downloading links from unknown sources or emails that leads to this?

    • @leexgx 2 years ago +1

      Poking holes in your router (port forwarding or upnp on the nas) letting the Internet access your nas directly (or indirectly via ez connect)

  • @BakaNewsNetwork 2 years ago +1

    I really want to know how and where it entered the NAS; some deadbolted NAS have SSH down, 2FA and a hard password (note 2FA activated is also needed for SSH). I also note that, as far as I have heard, no password was pirated (if that's true, it eliminates the bad or not strong enough password). Because I always hear "it's the user's fault", and I don't think that's all true.

    • @TheSissemisse 2 years ago

      I would like to know that as well. I've just been hit. And I don't have SSH enabled or ez connect. Only smb and ddns with login creds. How the hell do they get in. 🤔

  • @praetorxyn 1 year ago

    Scary stuff. I have a Synology, but I would never have used EZ Connect anyway just as I would never use Synology Quick Connect, so I imagine the brand doesn't matter in my case.
    I have ports 80 and 443 forwarded from the router to the NAS, and one Plex port (which I could probably stop, to be honest, as I use Jellyfin now, and I only really have Plex still running for comparison purpose), nothing else if memory serves. I only even forward 80 because everything is set to autoredirect to HTTPS and I'm too lazy to type before URLs.
    My setup is that 80/443 are forwarded to the NAS, and the LSIO swag container on the NAS reverse proxies the request to everything else. I'm not sure if that layer between would obfuscate or help with this etc... but I do this because I don't want to have to connect my phone to a VPN every time I want it to upload a picture to Nextcloud or something.

  • @brokkobro6246 2 years ago +2

    Yep, I got it yesterday thought my NAS was making a lot of noise but had to go to work immediately and forgot to check after, today found my whole NAS locked out. Immediately shut it down, just waiting for Asustor now to come with some more information :(

    • @zelintan1754 2 years ago +1

      Didn't even notice the noise, just noticed it and guess it's too late :’)

    • @kingsleytechconsultants3361 2 years ago

      FIXED Please read. A tech was able to get all data back! Had the "Uninitialized" situation. Setup was 4 disks in RAID 10 (2 disks striped and then mirrored to the other two that were striped). Just take disk one and use "EaseUS" to find the hidden data. Some of it was in folders with correct names and some were not but they did have the file names. I have no idea why this worked with only one disk and still sifting through the files (1000+) to see if they all work. So far so good. I dunno I can't wrap my head around why recovering from only one disk got this much information back. *I never use EaseUS btw. I have RapidSpar but the tech used it. JUST TRY IT! OR I DON'T CARE USE ANY RECOVERY SOFTWARE ON ONE DISK. I really hope this helps someone!

    • @Un1234l 2 years ago

      IKR. I noticed my NAS making a lot of noise recently, out of the norm, but I assumed it's just hard drive scanning things. I also noticed my NAS ran out of disk space, but it already only had like 3 GB left anyways, so I paid little mind.
      I was so close to stopping this mid-act. Now all my files are encrypted. Luckily I have a backup for 99% of the things on there.

    • @zelintan1754 2 years ago

      @@kingsleytechconsultants3361 did this a while ago, sadly all documents recovered were related to the Asustor firmware for me, couldn't recover any personal data

  • @Bertilax 2 years ago +1

    Does Snapshot on Synology prevent losing all your data? Does it help to recover encrypted files, or would the snapshot files be encrypted too?

    • @davidpeters7447 2 years ago +2

      You should have offsite backup as well.

    • @Bertilax 2 years ago

      @@davidpeters7447 I know - and for me it's a no-brainer... RAID is no backup ;) - The question was: Will snapshot files be encrypted too, or can this feature help to recover files quicker in a worst case scenario?
      Because if snapshots would be hit too - they would be unusable to go back in the file structure. So you have to recover the NAS from backups anyway...

    • @davidpeters7447 2 years ago +1

      @@Bertilax my understanding is that snapshots cannot get encrypted. Check Spacerex on YouTube for protecting a Synology against ransomware.

    • @leexgx 2 years ago +1

      @@Bertilax a snapshot is basically what the name says: it's a snapshot at that point in time and keeps track of changes, so you can revert individual files or the whole share back to a specific snapshot to undo unwanted changes or, in some cases, ransomware

  • @Ramonsainz1977 2 years ago +1

    Will My Cloud be safe to use these days!!

  • @Coolmaninmotion 2 years ago +1

    My Asustor system was attacked Monday. Luckily I had done a backup last Thursday so I only lost a day's worth of work and still have all my files. All I did was reformat the HDD, erasing and going over it 7 times to make sure all files were deleted. A backup and a good malware program can save you a lot of $$ and down time..

  • @TheSquirreless 2 years ago

    Updated ADM and had a snapshot from 8/21. Didn't lose too much. Only problem is now one of my drives is showing bad. Going to scan after it's synced

  • @Two-Checks 2 years ago +10

    My por-, I mean, my legal documents!

  • @christiansandberg9612 2 years ago

    Gladly I never had remote access or ez-connect enabled and never used Plex on it; also when this all started I happened to have my Asustor turned off. With that said, powered on, immediately switched off SSH-connection and switched https-protocols, seems all good for me luckily. Also, I am using a VPN on my router.

  • @Fawzay 2 years ago

    I got hit too, but was able to access everything via network share and backed up all my files, so I'm not very worried, but the day after, my system files got encrypted. I guess I probably did a forced shutdown, since I was greeted with a prompt to initialize the NAS

    • @Fawzay 2 years ago

      f**cking hell too many Robo-comments

  • @dennisxddxdd 2 years ago +1

    I was thinking to buy an Asustor NAS, it seems not a good idea at this moment...

    • @NeighborTom 2 years ago +2

      My NAS is not on a WAN. It's on a LAN. Everything is fine.

    • @CoreyMinter 2 years ago +2

      Go ahead and buy Asustor, but just don't use EZ-connect nor activate other internet exposed services (e.g. web server) for now. Asustor has many options for secondary backups of the NAS as well so you can protect from this or HW failure, etc.

    • @CoreyMinter 2 years ago

      Sorry to hear you got affected. I was lucky enough to not have been affected, so haven't had to do the steps. I recommend you to go to Asustor support and forums.

  • @DJaquithFL 2 years ago +5

    Make Hacking like this a Capital Offense, and treat it like terrorism.

    • @michaelflamingsword3131 2 years ago

      Ethical hacking is a good thing. And should be supported. Find the holes the trucks ride through. And needle holes.

    • @DJaquithFL 2 years ago

      @@michaelflamingsword3131 .. No such a thing from unwelcomed hacking. Companies often have contests with large financial prizes for those who can find security flaws. When your bank says "sorry your bank account is empty" an ethical hacker paved after posting security flaws on the dark web paving the way for hackers to take your money.

    • @davidpeters7447 2 years ago

      @@michaelflamingsword3131 only if approved. Now if I was hacked and the hacker did no damage and told me what to fix then I wouldn't be too upset.

  • @kloqueman 2 years ago +5

    20 Years of photos deadbolt locked. Wedding, birthdays, births, holidays. Memories potentially lost forever. I'm beyond gutted and really upset. Of course, I am learning the painful way that if I ever get them back, to have a secondary backup but more than that I am furious at Asustor. If QNAP got hit last month, did they not consider warning the rest of us? I didn't know about the QNAP attack until it happened to my Asustor.
    Have any Qnap owners got their data back without paying the ransom? I can't afford $1100 without even the guarantee of the key working.

    • @davidpeters7447 2 years ago +2

      My wife does photography and has a ton of pictures so I made sure to backup offsite as well. Isn't cheap but as you are, she would be gutted. Hope everything works out for you.

    • @tushki21091983 2 years ago

      I am the same bud. Absolutely gutted!!

    • @RyoHazuki224 2 years ago

      Yup same. I don't have any offsite backups as that is a damn expensive option especially if you have a lot of data like me. And it looks like by now my complete NAS is affected, I don't know if only a few files are, if 25% of them are, half of them, or all of them. I have way, way too many files on these 16TB's of drives to check through them all.
      I'm so damn depressed right now. Not sure what to do either because I don't know if doing anything like what this video says would help me.
      I guess maybe shut the thing down is my best option and hope that Asustor comes up with a solution?

    • @michaelflamingsword3131 2 years ago +1

      You did not make a backup. That is your fault in this. Always make backup. Keep it somewhere. You have the 1100 dollars but I understand you don't want to spend it on idiots who got you by the tazzz. So next time BACKUP ! Yes ?

    • @kloqueman 2 years ago

      @@michaelflamingsword3131 Merry Christmas to you too.

  • @egg7717 2 years ago

    Any updates on this issue?

  • @CaptZenPetabyte
    @CaptZenPetabyte 2 years ago +1

    Well, I'm screwed then, as I have a RAID5 and I shut down the machine as soon as I saw the message...

    • @kingsleytechconsultants3361
      @kingsleytechconsultants3361 2 years ago

      FIXED Please read. A tech was able to get all data back! Had the "Uninitialized" situation. Setup was 4 disks in RAID 10 (2 disks striped and then mirrored to the other two that were striped). Just take disk one and use "EaseUS" to find the hidden data. Some of it was in folders with correct names and some were not but they did have the file names. I have no idea why this worked with only one disk and am still sifting through the files (1000+) to see if they all work. So far so good. I dunno, I can't wrap my head around why recovering from only one disk got this much information back. *I never use EaseUS btw. I have RapidSpar but the tech used it. JUST TRY IT! OR I DON'T CARE USE ANY RECOVERY SOFTWARE ON ONE DISK. I really hope this helps someone!

  • @MrLutijen
    @MrLutijen 2 years ago

    There are so many products and boxes in the studio that the presenter will become invisible in a few months ;-)

  • @ss4717
    @ss4717 2 years ago

    You should remind all people watching your vids that they need 2 of everything.

  • @y.canberktan1161
    @y.canberktan1161 2 years ago

    After the attack, we shut down the server with AiMaster. When we opened it again, we got an "Uninitialized" warning in the Control Center application. What are we supposed to do? Not all of our data was encrypted. We do not want our data to be deleted. What should we do?

    • @kingsleytechconsultants3361
      @kingsleytechconsultants3361 2 years ago

      FIXED Please read. A tech was able to get all data back! Had the "Uninitialized" situation. Setup was 4 disks in RAID 10 (2 disks striped and then mirrored to the other two that were striped). Just take disk one and use "EaseUS" to find the hidden data. Some of it was in folders with correct names and some were not but they did have the file names. I have no idea why this worked with only one disk and am still sifting through the files (1000+) to see if they all work. So far so good. I dunno, I can't wrap my head around why recovering from only one disk got this much information back. *I never use EaseUS btw. I have RapidSpar but the tech used it. JUST TRY IT! OR I DON'T CARE USE ANY RECOVERY SOFTWARE ON ONE DISK. I really hope this helps someone!

  • @djsixninesix
    @djsixninesix 2 years ago +4

    Just a reminder that you're dealing with criminal and non-moral people who have no honor. Do not send money; if you send money you're put on a list of naïve people and they will attack again knowing you're paying. Just be patient, Asustor will find a solution. Also I can access my Asustor with my phone app. So my plan is to wait for an update and update with my Asustor phone app. #iloveseagulls

  • @gee7092
    @gee7092 2 years ago +2

    Several users affected by Deadbolt Ransomware did not even enable EZConnect. Plex is one of the suspects.

    • @Phamine
      @Phamine 2 years ago

      They might have had SSH on as that's set on by default.

    • @michaelflamingsword3131
      @michaelflamingsword3131 2 years ago

      @Phamine You have to set that OFF or unless you are with Support to Remote Access it.

  • @lcardot
    @lcardot 2 years ago +1

    Has anyone paid the ransom and confirmed they got their data back?

  • @leexgx
    @leexgx 2 years ago

    Must admit this was a good video about a bad topic

  • @afterdigital
    @afterdigital 2 years ago +1

    I just found out that I have been attacked by the Deadbolt Ransomware. And ALL my files have been affected. Is there any way to fix this? I have no backup at all. Everything I have, years and years of data, is all in my Asustor. This is such a shit situation and Asustor needs to be held accountable!

    • @michaelflamingsword3131
      @michaelflamingsword3131 2 years ago

      YOU ALWAYS MAKE A BACKUP! That is why they attack you! lol.

    • @afterdigital
      @afterdigital 2 years ago

      @michaelflamingsword3131 Of course. That was my mistake for not backing up my data. But that does not steer the blame away from Asustor. They definitely could have done a better job at securing their clients' data by securing their points of entry.

    • @DS-pk4eh
      @DS-pk4eh 2 years ago

      @michaelflamingsword3131 Most of the users bought the NAS device for backup. And most of them do not have any backups. So, please, be considerate.

    • @leexgx
      @leexgx 2 years ago

      @DS-pk4eh They are using it as a central location to store data, not as a backup (31:30).
      I have had customers with light-bulb moments when I actually explain to them that if they back up their data to the USB HDD (by which they actually mean they've moved their data to the external USB hard drive), what would happen if you dropped that hard drive? You would now lose all your data.
      Copy the data to the USB external disk, not move (pictures/videos/documents don't slow your computer down). I have had this happen to at least three customers where they lost everything due to destruction of their USB HDD (which is why I always recommend 2 USB backups, not one).
      For Asustor, make sure btrfs is used and snapshots are set up (50 max snapshots, once per day at 1am); if using Synology, use the advanced retention rule of 0h 7d 4w 3m 0y (it keeps the snapshot count below 14 but still gives you 3 months of undo) and have 2 USB backups (don't trust one USB HDD for backup as they can be dropped and destroyed).

    • @kingsleytechconsultants3361
      @kingsleytechconsultants3361 2 years ago +2

      FIXED Please read. A tech was able to get all data back! Had the "Uninitialized" situation. Setup was 4 disks in RAID 10 (2 disks striped and then mirrored to the other two that were striped). Just take disk one and use "EaseUS" to find the hidden data. Some of it was in folders with correct names and some were not but they did have the file names. I have no idea why this worked with only one disk and am still sifting through the files (1000+) to see if they all work. So far so good. I dunno, I can't wrap my head around why recovering from only one disk got this much information back. *I never use EaseUS btw. I have RapidSpar but the tech used it. JUST TRY IT! OR I DON'T CARE USE ANY RECOVERY SOFTWARE ON ONE DISK. I really hope this helps someone!

  • @amielkayam9813
    @amielkayam9813 2 years ago

    An update was published to solve the uninitialized issue: www.asustor.com/en/knowledge/detail/?id=6&group_id=630

    • @nascompares
      @nascompares 2 years ago +1

      Yes, this was updated in the article and also here in the comments yesterday. Nevertheless, thank you for being a good chap and sharing with everyone

  • @gordonpullan8336
    @gordonpullan8336 2 years ago

    Sadly I am also affected, and I feel sick and violated. Unlike others, I do not entirely blame Asus but it makes me sad that there are some very clever people in this world whose morals are such that they feel it is okay to use their skills to take advantage of innocent people. My Asustor has (had?) backups from my PC and from my wife's MacBook, all my music and over 100,000 digital images (20 years' worth). I suppose the good news is that my music and all the digital images are safely backed up to an old NAS; I have just checked and all the files are safe. The backups can be rebuilt. I did the safe shut down of my affected NAS, so I will leave it off until the dust settles and advice emerges as to the best way forward.

    • @michaelflamingsword3131
      @michaelflamingsword3131 2 years ago +1

      Always use 2 Step Verification Option if that is on your NAS, and no SSH, nor Teamviewer.

    • @leexgx
      @leexgx 2 years ago +1

      Doesn't help in these types of cases as login/password/2fa is just simply bypassed

    • @kingsleytechconsultants3361
      @kingsleytechconsultants3361 2 years ago +1

      FIXED Please read. A tech was able to get all data back! Had the "Uninitialized" situation. Setup was 4 disks in RAID 10 (2 disks striped and then mirrored to the other two that were striped). Just take disk one and use "EaseUS" to find the hidden data. Some of it was in folders with correct names and some were not but they did have the file names. I have no idea why this worked with only one disk and am still sifting through the files (1000+) to see if they all work. So far so good. I dunno, I can't wrap my head around why recovering from only one disk got this much information back. *I never use EaseUS btw. I have RapidSpar but the tech used it. JUST TRY IT! OR I DON'T CARE USE ANY RECOVERY SOFTWARE ON ONE DISK. I really hope this helps someone!

  • @kingsleytechconsultants3361
    @kingsleytechconsultants3361 2 years ago

    FIXED Please read. A tech was able to get all data back! Had the "Uninitialized" situation. Setup was 4 disks in RAID 10 (2 disks striped and then mirrored to the other two that were striped). Just take disk one and use "EaseUS" to find the hidden data. Some of it was in folders with correct names and some were not but they did have the file names. I have no idea why this worked with only one disk and am still sifting through the files (1000+) to see if they all work. So far so good. I dunno, I can't wrap my head around why recovering from only one disk got this much information back. *I never use EaseUS btw. I have RapidSpar but the tech used it. JUST TRY IT! OR I DON'T CARE USE ANY RECOVERY SOFTWARE ON ONE DISK. I really hope this helps someone!

    • @kingsleytechconsultants3361
      @kingsleytechconsultants3361 2 years ago

      Ok, some of the data is incomplete because... well duh.. striped RAID 1. Of course I thought this would be the case so now I'm trying to mount the logical volume on a LINUX machine and then use Photorec to get files but not sure if that will work because of the RAID. Any thoughts?

    • @DS-pk4eh
      @DS-pk4eh 2 years ago +1

      Care to explain a bit more, as I do not understand what it is that you are saying? You can find your unencrypted files in some hidden folder? Or can you unencrypt the ones that have been?

    • @kingsleytechconsultants3361
      @kingsleytechconsultants3361 2 years ago +1

      @DS-pk4eh I found unencrypted files. They are the ones that were deleted due to changes or copies. Because no data is ever really deleted I was able to find most of my files on the deleted space of the drives.

  • @knowledgeispowersquare
    @knowledgeispowersquare 1 year ago

    I'm thinking about using Microsoft ONEDRIVE and paying Microsoft to avoid all this mess in the future.

  • @xerfall
    @xerfall 2 years ago +2

    Should I, as a Synology owner, be worried?

    • @Bertilax
      @Bertilax 2 years ago +3

      At the moment - No.
      QNAP was hacked, Asustor is hacked, only Synology (of the big brands) is safe at the moment and was not hit until now.
      - but take care of passwords and use 2FA - it will be a matter of time until Synology could be a target, because it is a major brand and the damage would be big...

    • @davidpeters7447
      @davidpeters7447 2 years ago +1

      @Bertilax Thankfully I just converted 2FA over the weekend plus I do not allow outside access to my Synology except by VPN which is only by me.

    • @Cowicide
      @Cowicide 2 years ago +1

      @Bertilax Synology was targeted by a bunch of access attempts about a month ago or so. It was annoying for people, but the auto-blocking, etc. worked as expected. Many of those were using a VPN who dealt with the access attempts. I, on the other hand, had no access attempts because I have ZERO ports open on my router and use QuickConnect which tunnels from inside out from the NAS via the NAT on a random port versus whatever nonsense the Asustor utilizes which I think requires opening ports and even UPnP which is very bad for security on a router, etc. If you google "cowicide quickconnect reddit" one can find how my setup has worked for me in a thread I titled "Weighing and mitigating remote access risks between QuickConnect and running a VPN module on a Synology NAS".

    • @davidpeters7447
      @davidpeters7447 2 years ago

      @Cowicide My VPN is not on the Synology. At the end of the day, there are no guarantees when it comes to security.

    • @Cowicide
      @Cowicide 2 years ago

      @davidpeters7447 What's your point?

  • @superslammer
    @superslammer 2 years ago

    It's a really really crap day.

  • @markmeng8288
    @markmeng8288 2 years ago

    Asustor has released the instructions on how to solve it. But they are not clear and there is no FAQ etc. I regret to death buying this crap.

    • @kingsleytechconsultants3361
      @kingsleytechconsultants3361 2 years ago

      FIXED Please read. A tech was able to get all data back! Had the "Uninitialized" situation. Setup was 4 disks in RAID 10 (2 disks striped and then mirrored to the other two that were striped). Just take disk one and use "EaseUS" to find the hidden data. Some of it was in folders with correct names and some were not but they did have the file names. I have no idea why this worked with only one disk and am still sifting through the files (1000+) to see if they all work. So far so good. I dunno, I can't wrap my head around why recovering from only one disk got this much information back. *I never use EaseUS btw. I have RapidSpar but the tech used it. JUST TRY IT! OR I DON'T CARE USE ANY RECOVERY SOFTWARE ON ONE DISK. I really hope this helps someone!

  • @JOBT0
    @JOBT0 2 years ago

    How do I know what file system I'm using? Is it ext4 or btrfs? I don't know.

    • @zosobao5150
      @zosobao5150 2 years ago +1

      I just left it blank since I don't know.