What you need to know
- Owners of ASUSTOR NAS have reported having their data locked away due to ransomware attacks.
- Like the QNAP DeadBolt attack, ASUSTOR NAS owners are having their data held to ransom for Bitcoin payments.
- ASUSTOR recommended all owners disconnect and shut down NAS enclosures immediately.
Reports are coming in on Reddit and the official ASUSTOR forum that NAS enclosures are being attacked by DeadBolt ransomware, similar to what affected QNAP servers. DeadBolt infects the NAS and encrypts the data stored on installed drives, blocking access for the owner.
The GUI is then altered to show a customized screen with details on the attack and request for payment. This attack seems to have taken place on NAS with different configurations. It doesn't seem to matter if EZConnect is enabled and we're not yet sure what's the cause for allowing such an external attack to take place.
As reported by Tom's Hardware, this also makes it impossible to know which models are vulnerable (if not all). Affected NAS owners are being asked to provide 0.03 Bitcoin for an encryption key to be sent across. I don't recommend you do so unless your data is incredibly important and ASUSTOR is unable to provide a solution.
ASUSTOR is currently recommending affected NAS owners to:
- Disconnect the NAS from the LAN.
- Shut down the NAS (press and hold the power button for three seconds).
- Do NOT turn on the NAS once shut down.
- Fill out this Google Form for an ASUSTOR technician to respond and provide assistance.
If you haven't yet been affected, I'd highly recommend you back up all the data saved on the NAS (even if you own the best NAS). Ensure automated updates are disabled, disable SSH, and block all external access to the NAS (limit the enclosure to the LAN). This is a perfect time to invest in an external drive to store a copy of all the files stored on your NAS.
