Protect Yourself from the ASUSTOR Deadbolt Ransomware Attack

Recently, ASUSTOR NAS devices have been hit by an ugly ransomware attack called Deadbolt. How can you protect yourself from attacks such as the Deadbolt ransomware attack? Asus is not the first to get hit with these types of attacks. WD MyBookLive and QNAP have also been hit recently, and Synology is also susceptible to these types of attacks.

NAS units used by home and small-business users are a juicy target for ransomware attackers, who know they're packed with valuable data, including backups of primary servers and systems.



ASUS Response

https://www.asustor.com/en/knowledge/detail/?id=&group_id=628

In response to Deadbolt ransomware attacks affecting ASUSTOR devices, myasustor.com DDNS service will be disabled as the issue is investigated.

For your protection, we recommend the following measures:

  • Change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443.
  • Disable EZ Connect.
  • Make an immediate backup.
  • Turn off Terminal/SSH and SFTP services.

THE PROBLEM WITH MOST NAS DEVICES TODAY

Most NAS devices are equipped with some sort of "Remote Access" software that gives offsite users access to the data on the NAS. In most cases these access methods have been exploited by hackers who are relentless in trying to gain access to your data. The following are just some of the popular NAS devices and the software they provide for remote access.

  • Asustor - EZ Connect (Compromised Feb 2022)
  • WD MyBookLive NAS - Remote Access (Compromised June 2021)
  • QNAP - myQNAPcloud Link (Compromised Jan 2022)
  • Synology NAS - External Access QuickConnect (Compromised July 2019)

Hackers are continually looking for ways to get into these popular NAS devices. Therefore we do not recommend using any of the "Remote Access" tools and "services" that are offered today. We recommend that you block all "port forwards" and "firewall access" to your NAS devices. The proper way to connect to your NAS remotely is to use a VPN.

HOW TO SECURE YOUR NAS

One way you can secure your NAS is to remove all open ports in your firewall that lead to your NAS. Your NAS should only be accessible from inside your network. If your NAS has a firewall, make sure it is turned on and that your internal network is secure. These are a few additional tips you should check to help secure your NAS.

  • Block all ports from the Firewall to the NAS, and only allow connections from inside the network. (Disable Port Forwarding)
  • Change the Default Admin Username and Password.
  • Enable SSL. (Disable non-SSL connections)
  • Enable Two-factor Authentication. (Especially for Admin Access)
  • Enable the Firewall on your NAS. (If it has one)
  • Deactivate All Services You Don't Use. (this includes Apps)
  • Change the Default Login Ports.
  • Keep the NAS Software updated Regularly.
  • Make Sure Your Local Network is Secure.
  • Practice 3-2-1 Backups (3 Copies of your data, 2 Copies on local network, 1 Copy offsite)
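
A quick way to confirm the first item on this list is to test your own public address from outside your network (a phone hotspot works). The Python script below is an added example, not part of the original post or any vendor tool; the script name and port 22 for SSH/SFTP are assumptions, and the other ports are the ones listed in the ASUSTOR advisory above.

```python
import socket
import sys

# Ports named in the ASUSTOR advisory quoted above. 22 is an assumption:
# the standard SSH/SFTP port, if the service was left on its default.
ADVISORY_PORTS = {
    8000: "NAS web access",
    8001: "NAS web access",
    80: "remote web access",
    443: "remote web access",
    22: "Terminal/SSH and SFTP (assumed default port)",
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        raise  # a bad hostname is an operator error, not a firewall result
    except OSError:
        return "filtered"  # timeout or unreachable, typically dropped by a firewall


def audit(host, ports=ADVISORY_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that accepted a connection and therefore need attention."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    # Usage: python3 nas_exposure.py <your-public-ip-or-ddns-name>
    if len(sys.argv) != 2:
        sys.exit("usage: nas_exposure.py <host>")
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state:<8}  {ADVISORY_PORTS[port]}")
    # Non-zero exit lets a scheduled job alert when something is reachable.
    sys.exit(1 if exposed(results) else 0)
```

Every port should come back closed or filtered; anything reported open is still being forwarded to a device on your network. If you have already changed the default ports, pass your own port numbers to `audit()` instead.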

THE PROPER WAY TO CONNECT TO YOUR NAS (Remotely)

Having your NAS open to the Internet is always a risky situation. Using a VPN to get to your local data, without the need to expose your NAS to the Internet via a number of ports, is nothing new. VPNs have been around for decades.

VPN stands for Virtual Private Network. This means that it will allow you to connect from a remote location to your home or business and use any services, data, or devices as if you never left. So why is this better than simply accessing your data via the Internet on an exposed port? Well, the big difference is that VPN traffic is encrypted, and best of all you can access your resources the same way as you would if you had a local connection. VPNs also have logging capabilities.

Another benefit is that it is more secure. You have the option of using not only an Encryption Key, but also using a password. This in effect enables 2FA for all connections to your network.

Once you are connected to your VPN you can now connect to your NAS as if you were on your local network.

RECOMMENDED VPNs

Choosing a VPN protocol is important. We recommend the following open-source solutions for a VPN to secure your network:

  • OpenVPN (open source)
  • WireGuard VPN (open source)

CONCLUSION

Once set up, your authorized users can connect remotely to the VPN, and through it to your entire office network, including your NAS. Imagine going on a business trip and being able to remotely and securely access your network.

Need help addressing access and security for your office network? We at Clustered Networks can help. Contact us to schedule a free network security assessment.


Clustered Networks

Located in Edmonton, AB Canada, Clustered Networks was Incorporated in 2001 and has offered Network / Internet and IT Consulting services for over 20 years. We offer personalized service!

#asustor #deadbolt #ransomware

Posted in Linux Network Admin Tips, Network Security Tips, Tech How To on Feb 22, 2022