Asustor NAS Deadbolt ransomware attack ...

[Saracen999]

Having recently posted about a QNAP ransomware attack using Deadbolt, I guss it's omly fair to point out that this time, the target is Asustor.

There's a thread on NASCompares talking about it, includi g the advice, if you see the Deadbolt black screen instead of the NAS screen .... DO NOT just pull the plug. Apparently, that can do more harm than good.

Instead, :-

- remove LAN cable, then
- push power button FOR THREE SECONDS (not longer).

This will do a controlled shutdown, and not risk corrupting the OS in the process.

Then, you have time to research and prepare what to do next.

Anyway, .... who next?

[Macman]

Not necessarily a ransomware but a vulnerability on Synology, reported recently

https://www.guru3d.com/news-story/vu...-commands.html

[Saracen999]

At a guess, just about every OS has vulnerabilities. A critical aspect, of course, is what the manufacturer does, how fast they do it, and how dligent they are in notifying users. Synology generally seem to be pretty good.

I guess it's all part of the rich tapestry of modern online life .... along with internet fraud, ID theft and so on. Almost makes me nostalgic about the ae of the abacus. Almost.

Nah, can't sell that.

[jimbouk]

NAS's have many purposes, but if you're purely interested in backup and local shared storage what's the best option? I've got an old ZyXEL box which I turn on periodically but it's well out of support (and my backup system is chaotic). Is a couple of USB drives the best bet? One of 'live' data and one updated every few month that otherwise lives in a drawer? Not the most convenient for more than one machine but fairly safe no?

[Saracen999]

NAS's have many purposes, but if you're purely interested in backup and local shared storage what's the best option? ...

Well, those are kinda contradictory purposes.

I mean, a NAS can do either, but not really both at the same time.

If you have data on othr devices, be it files on yoour PC/laptop, photos on your phone, or whatever, then yes, you can back up to a NAS. BUT if you are using the NAS for locaL shared storage, i.e. say music or video that can be accessed from PC/laptop or your phone, then the NAS is the primary version of the files, not a backup .... if you see what I mean? If you're doing that, then you need to backup the NAS and that can be anywhere except the NAS. It could be a USB drive attached to the NAS, it could be anothr NAS, it could be a different type of remote server. But it needs to be on a different device.

And for backup, it's highly desirable to have more than one copy. So if you backup a NAS to USB, for instance, I'd suggest two, and alternating between them. You don't really want to find one backup location failed, when you need it because your primary failed, do you?

Backup is always complicated to give detailed advice about, because the extent that it is worth going to depends very much on what you're backing up, and whatthe consequencesof losing it would be?

For instance, backing up our photos and a few game saves is a bit less important than a business backing up the data showing who owesit money. In that latter case, at a minimum, it's be a LOT of work to reconstruct sales ledger data from printed records, and at worst, you don't have printed records and losing both primary data and backup = bankruptcy for the business.

It's always a balance. A more effective and comprehensive backup strategy is likely to involve both extra costs, and extra hassle. The question is .... is it worth the cost and hassle Only you can answer that.

The 'best' backup for me isn't necessarily the best backup for you.

One final point. A common misconception is that RAID = backup. It doesn't. RAID is really about resilience, about keeping data available. But consider the ransomware scenario .... IF a user has proper backups, then they can always reset the NAs, rebuild the storage system and restore a backup. In worst case, get a new NAS and start from fresh But if files on the NAS are your 'backup', it's a disaster unless the 'primary' data is on the PC/laptop etc. In which case, the NAS isn't really shared local storage.

'Best' solution? Maybe :-

- data on location 1 (maybe NAS)
- backup on secondary location (maybe another NAS or server)
- next level of backup on a USB drive
- next level on yet another drive, stored offsite, or in cloud storage, or tape, optical media or whatever.

[jimbouk]

Hmm yeah, there are the different use cases and recovery exercises. The rough flow in my head initially was:

1. NAS storage for 'live' data, exists across 1+ machine plus the NAT (sync'd + shared drive).
2. NAS storage of backup of 'live' date, only on NAS. Periodic.
3. Archive storage, only on NAS. Things retired from the live data.

This leaves the archive storage very vulnerable so would be sensible to have another storage option, USB HDD seems sensible. At the moment I only really have #2, mostly because I only recently got a second computer (laptop) and whilst their are other computers in the house they're less of my concern... As said the NAS is switched off most of the time!

Just needs some time first to sort out the data actually being stored really!

[Saracen999]

I find that last bit to be the bit that can be most .... mind-bending. It's also pretty unique to each of us,'cos we do different thuings, and even the things we all do, we often do differently.

My 'backup' strategy has, let's say, evolved. Over the years, it has moved from floppy disks, to Jumbo (remember them?) tape drives, DC.... 30?, was it DC30?, DAT drives, SLR tape (loved Tandberg drives), ZIP disks, Jaz disks, Plasmon PD phase change, MO drives (from 'ikkle Fujitsu drives upwards), CD-R, DVD-R, Bluray and so on.

I always separated data into types, and treated accordingly. Like .... photos. Once stored (often source + edited) they were 'archived'. They'd end up with two or three copies, usually on MO or PD-type drives, because, they don't change much, if it all. And, once 'archived', I'd exclude those from other backup methods.

At the other endof the spectrum from that 'create, store and ignore' type if very infrequentlychanging data, there were things like spreadsheets, my accounting software data files, email archives etc which were constantly changing and/or updated.

So, I broke things down into "types" of data, with the frequency to which it changed or got updated being central, 'cos it called for different treatment.

More recently, I've moved (well, moving is more accurate) to my primary being one big (for me) NAS. But I still have several different data types going on.

1) System images. Macrium Reflect (free) Image files. Really, that's about disaster recovery.

2) Archive data. Digitised music (CDs, working on LPs, etc), and of course, photos, my video files, etc. And, old accounting data I'm still required to keep (thanks, HMRC .... though almost t the end of that), etc.

3) "Live" data. Stuff currently in use, maybe on several PCs. Some is stored locally on those PCs, backed up to NAS. Other stuff is stored on NAS for local share, backed up to USB drives.

4) I'm hovering on the edge of a second NAS. My thinking is this .... back up NAS 1 to NAS 2, and NAS 2 to NAS 1, via rSync. Use two different makes (or types) of NAS. Dunno what, yet. Maybe QNAP and Synology, maybe QNAP and a TrueNAS. Dunno. My logic being if one type of NAS gets hit by ransomware, hopefully it won't also infect a different type, 'cos, different vulnerabilities, etc.

5) Back up each to different USB drives.


Still thinking about it, though. It isn't going to be a budget solution, if I do it. It might also be overkill. Dunno. Still noodling it.

But I'm decluttering (or already have) old PCs and bits furiously. I mean, tape? Still?

[spacein_vader]

I'm hovering on the edge of a second NAS. My thinking is this .... back up NAS 1 to NAS 2, and NAS 2 to NAS 1, via rSync. Use two different makes (or types) of NAS. Dunno what, yet. Maybe QNAP and Synology, maybe QNAP and a TrueNAS. Dunno. My logic being if one type of NAS gets hit by ransomware, hopefully it won't also infect a different type, 'cos, different vulnerabilities, etc.

Another issue with this is (as shown by the log4j issues,) that as all NAS devices tend to rely on a some of the same open protocols and/or open sourced code a vulnerability affecting one could easily affect all.

For this and the other reasons you mentioned I'm not sure the minimal reliability gains outweigh the cost in both time and money.

Related xkcd: https://xkcd.com/2347/

[Saracen999]

Probably right, spacein. Of course, it's also 'cos part of me wants to play with the Synology. Did I say 'play'. I meant, use. Yup, use.

Actually, seriously, version 1 of the plan was just to use another NAS, probably identical, as part of a backup strategy. Not only could I use it to back up files, but as a hardware spare in the event of a failure with the NAS. And, from there, I wondered about a different NAS, rather than a second, identical one.