Thread: Asustor NAS Deadbolt ransomware attack ...

  1. #1

    Asustor NAS Deadbolt ransomware attack ...

    Having recently posted about a QNAP ransomware attack using Deadbolt, I guess it's only fair to point out that this time, the target is Asustor.

    There's a thread on NASCompares talking about it, including the advice, if you see the Deadbolt black screen instead of the NAS screen .... DO NOT just pull the plug. Apparently, that can do more harm than good.

    Instead, :-

    - remove LAN cable, then
    - push power button FOR THREE SECONDS (not longer).

    This will do a controlled shutdown, and not risk corrupting the OS in the process.

    Then, you have time to research and prepare what to do next.

    Anyway, .... who next?
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memoriam, "Onwards and Upwards".

  2. Received thanks from:

    Jonj1611 (23-02-2022)

  3. #2
    Macman

    Not necessarily a ransomware but a vulnerability on Synology, reported recently

    https://www.guru3d.com/news-story/vu...-commands.html

  4. Received thanks from:

    Saracen999 (23-02-2022)

  5. #3

    At a guess, just about every OS has vulnerabilities. A critical aspect, of course, is what the manufacturer does, how fast they do it, and how diligent they are in notifying users. Synology generally seem to be pretty good.

    I guess it's all part of the rich tapestry of modern online life .... along with internet fraud, ID theft and so on. Almost makes me nostalgic about the age of the abacus. Almost.

    Nah, can't sell that.

  6. #4
    jimbouk

    NAS's have many purposes, but if you're purely interested in backup and local shared storage what's the best option? I've got an old ZyXEL box which I turn on periodically but it's well out of support (and my backup system is chaotic). Is a couple of USB drives the best bet? One of 'live' data and one updated every few months that otherwise lives in a drawer? Not the most convenient for more than one machine but fairly safe, no?

  7. #5

    Quote, originally posted by jimbouk:
    NAS's have many purposes, but if you're purely interested in backup and local shared storage what's the best option? ...
    Well, those are kinda contradictory purposes.

    I mean, a NAS can do either, but not really both at the same time.

    If you have data on other devices, be it files on your PC/laptop, photos on your phone, or whatever, then yes, you can back up to a NAS. BUT if you are using the NAS for local shared storage, i.e. say music or video that can be accessed from PC/laptop or your phone, then the NAS is the primary version of the files, not a backup .... if you see what I mean? If you're doing that, then you need to backup the NAS and that can be anywhere except the NAS. It could be a USB drive attached to the NAS, it could be another NAS, it could be a different type of remote server. But it needs to be on a different device.

    And for backup, it's highly desirable to have more than one copy. So if you backup a NAS to USB, for instance, I'd suggest two, and alternating between them. You don't really want to find one backup location failed, when you need it because your primary failed, do you?

    Backup is always complicated to give detailed advice about, because the extent that it is worth going to depends very much on what you're backing up, and what the consequences of losing it would be?

    For instance, backing up our photos and a few game saves is a bit less important than a business backing up the data showing who owes it money. In that latter case, at a minimum, it'd be a LOT of work to reconstruct sales ledger data from printed records, and at worst, you don't have printed records and losing both primary data and backup = bankruptcy for the business.

    It's always a balance. A more effective and comprehensive backup strategy is likely to involve both extra costs, and extra hassle. The question is .... is it worth the cost and hassle? Only you can answer that.

    The 'best' backup for me isn't necessarily the best backup for you.

    One final point. A common misconception is that RAID = backup. It doesn't. RAID is really about resilience, about keeping data available. But consider the ransomware scenario .... IF a user has proper backups, then they can always reset the NAS, rebuild the storage system and restore a backup. In worst case, get a new NAS and start from fresh. But if files on the NAS are your 'backup', it's a disaster unless the 'primary' data is on the PC/laptop etc. In which case, the NAS isn't really shared local storage.

    'Best' solution? Maybe :-

    - data on location 1 (maybe NAS)
    - backup on secondary location (maybe another NAS or server)
    - next level of backup on a USB drive
    - next level on yet another drive, stored offsite, or in cloud storage, or tape, optical media or whatever.

  8. #6
    jimbouk

    Hmm yeah, there are the different use cases and recovery exercises. The rough flow in my head initially was:

    1. NAS storage for 'live' data, exists across 1+ machine plus the NAS (sync'd + shared drive).
    2. NAS storage of backup of 'live' data, only on NAS. Periodic.
    3. Archive storage, only on NAS. Things retired from the live data.

    This leaves the archive storage very vulnerable so would be sensible to have another storage option, USB HDD seems sensible. At the moment I only really have #2, mostly because I only recently got a second computer (laptop) and whilst there are other computers in the house they're less of my concern... As said the NAS is switched off most of the time!

    Just needs some time first to sort out the data actually being stored really!

  9. #7

    I find that last bit to be the bit that can be most .... mind-bending. It's also pretty unique to each of us, 'cos we do different things, and even the things we all do, we often do differently.

    My 'backup' strategy has, let's say, evolved. Over the years, it has moved from floppy disks, to Jumbo (remember them?) tape drives, DC.... 30?, was it DC30?, DAT drives, SLR tape (loved Tandberg drives), ZIP disks, Jaz disks, Plasmon PD phase change, MO drives (from 'ikkle Fujitsu drives upwards), CD-R, DVD-R, Bluray and so on.

    I always separated data into types, and treated accordingly. Like .... photos. Once stored (often source + edited) they were 'archived'. They'd end up with two or three copies, usually on MO or PD-type drives, because, they don't change much, if at all. And, once 'archived', I'd exclude those from other backup methods.

    At the other end of the spectrum from that 'create, store and ignore' type of very infrequently changing data, there were things like spreadsheets, my accounting software data files, email archives etc which were constantly changing and/or updated.

    So, I broke things down into "types" of data, with the frequency to which it changed or got updated being central, 'cos it called for different treatment.

    More recently, I've moved (well, moving is more accurate) to my primary being one big (for me) NAS. But I still have several different data types going on.

    1) System images. Macrium Reflect (free) Image files. Really, that's about disaster recovery.

    2) Archive data. Digitised music (CDs, working on LPs, etc), and of course, photos, my video files, etc. And, old accounting data I'm still required to keep (thanks, HMRC .... though almost at the end of that), etc.

    3) "Live" data. Stuff currently in use, maybe on several PCs. Some is stored locally on those PCs, backed up to NAS. Other stuff is stored on NAS for local share, backed up to USB drives.

    4) I'm hovering on the edge of a second NAS. My thinking is this .... back up NAS 1 to NAS 2, and NAS 2 to NAS 1, via rSync. Use two different makes (or types) of NAS. Dunno what, yet. Maybe QNAP and Synology, maybe QNAP and a TrueNAS. Dunno. My logic being if one type of NAS gets hit by ransomware, hopefully it won't also infect a different type, 'cos, different vulnerabilities, etc.

    5) Back up each to different USB drives.


    Still thinking about it, though. It isn't going to be a budget solution, if I do it. It might also be overkill. Dunno. Still noodling it.

    But I'm decluttering (or already have) old PCs and bits furiously. I mean, tape? Still?

  10. #8
    spacein_vader

    Quote, originally posted by Saracen999:
    I'm hovering on the edge of a second NAS. My thinking is this .... back up NAS 1 to NAS 2, and NAS 2 to NAS 1, via rSync. Use two different makes (or types) of NAS. Dunno what, yet. Maybe QNAP and Synology, maybe QNAP and a TrueNAS. Dunno. My logic being if one type of NAS gets hit by ransomware, hopefully it won't also infect a different type, 'cos, different vulnerabilities, etc.
    Another issue with this is (as shown by the log4j issues) that as all NAS devices tend to rely on some of the same open protocols and/or open sourced code, a vulnerability affecting one could easily affect all.

    For this and the other reasons you mentioned I'm not sure the minimal reliability gains outweigh the cost in both time and money.

    Related xkcd: https://xkcd.com/2347/

  11. Received thanks from:

    Saracen999 (23-02-2022)

  12. #9

    Probably right, spacein. Of course, it's also 'cos part of me wants to play with the Synology. Did I say 'play'. I meant, use. Yup, use.

    Actually, seriously, version 1 of the plan was just to use another NAS, probably identical, as part of a backup strategy. Not only could I use it to back up files, but as a hardware spare in the event of a failure with the NAS. And, from there, I wondered about a different NAS, rather than a second, identical one.
