Deadbolt Ransomware Attacks on Asustor NAS Devices

Update on 24 Feb 2022:

In response to the Deadbolt ransomware attacks, Asustor's ADM firmware has been upgraded to fix related security issues. Users are advised to upgrade to the latest versions immediately.

Original Alert published on 23 Feb 2022:

There have been reports of Deadbolt ransomware attacks on Asustor Network Attached Storage (NAS) devices. The affected NAS will have their files encrypted with a ‘.deadbolt’ extension.

Users of Asustor NAS devices who have been affected by Deadbolt ransomware are advised to follow the steps listed below:

1. Unplug the Ethernet network cable

2. Safely shut down the NAS by pressing and holding the power button for three seconds

3. Do not initialise the NAS as this will erase your data

4. Fill out the form listed in this link to contact Asustor for assistance: 

   https://support.asustor.com/

If your NAS has not been affected, Asustor recommends the following mitigating measures for Asustor NAS users to adopt to protect their NAS device:

• Change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443

• Disable EZ Connect

• Make an immediate backup

• Turn off Terminal/SSH and SFTP services

If there is no need to access the NAS remotely from the Internet, users could consider removing their device from the Internet.

For more details on the latest security advisory and updates, users may refer to Asustor's website for more information: https://www.asustor.com/en-gb/knowledge/detail/?id=&group_id=629

References:

https://nascompares.com/2022/02/21/asustor-nas-drives-getting-hit-by-deadbolt-ransomware/
https://forum.asustor.com/viewtopic.php?f=45&t=12630
https://www.asustor.com/en-gb/online/College_topic?topic=353