Asustor NAS are attacked by ransomware. Disabling remote access features is recommended
Asustor’s NAS is the target of DeadBolt ransomware attacks. It encrypts all data stored on hard drives and requires a redemption of 0.03 BTC – approximately 4800 lei at the time of publication of the article.
The Scary Forum has already been stormed by hundreds of users with affected NAS. Infection with the new ransomware comes to light when unusually large I / O activities are recorded and encrypted “.deadbolt” files begin to appear.
There is currently no solution for free data decryption, and affected users are advised to disconnect their NAS from the Internet and securely shut down their drives.
Those who have not been affected are advised to change the access ports for the remote administration interface, make a backup backup, and disable EZ Connect, SSH, and SFTP features.
At the moment, the manufacturer has not communicated which models of NAS are affected, nor has it set a deadline for the provision of security patches. However, it is committed to helping to recover data from the affected units.