Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1
    Junior Member
    Join Date
    Aug 2005
    Location
    Wellington
    Posts
    435

    Default Hacked by Deadbolt!

    We were warned about this, and I thought I would be OK, but no...

    On Friday evening my Asus Asustor NAS was hacked by Deadbolt and most (not all) files on it were locked. My use of the NAS is fairly basic - Windows system and data files (ie everything else) on my desktop, laptop and my wife's laptop are backed up to it, and it is also used for files that are shared among the the different PCs, including music, photo and video libraries. Because I am a bit paranoid about backups, the NAS itself is regularly backed up to a USB HD attached to the desktop - I am now glad to be paranoid. The NAS is never used to connect directly to the internet, and that led me to believe I was safe.

    Interestingly, only the backup files (stored in a single "Backup" folder with subfolders for the different devices) were locked. The shared files are still accessible. The net result is that I have not lost anything that can't be recovered.

    The real problem is that I am locked out of the set-up screens for the NAS. I am faced with a full screen telling me the data have been locked and to unlock it I must pay 0.03 Bitcoin to the hackers. By my reckoning that comes to a couple of thousand $NZ, and there is no way I will give them that. It would be cheaper to buy a new NAS.

    My question is, is there any way of unlocking NAS setup? I realise that it is probably not simple, otherwise the hackers would not bother, but I would like to know what my options are.

  2. #2
    Senior Member
    Join Date
    Jan 2005
    Location
    Porirua
    Posts
    3,427

    Default Re: Hacked by Deadbolt!

    Interesting, as the warnings were for devices 'exposed to the internet'.

  3. #3
    VoidMaster
    Join Date
    Dec 2004
    Posts
    6,918

    Default Re: Hacked by Deadbolt!

    It's not the least charm of a theory that it is refutable. The hundred-times-refuted theory of "free will" owes its persistence to this charm alone; some one is always appearing who feels himself strong enough to refute it - Friedrich Nietzsche

  4. #4
    amateur expert dugimodo's Avatar
    Join Date
    Dec 2005
    Posts
    8,252

    Default Re: Hacked by Deadbolt!

    Does yours have a reset button on the back ? should reset the password and network settings. See 2nd option here https://itenterpriser.com/how-to/how...r-asustor-nas/ worth a try maybe.

    Edit: I see the reset button can be disabled so might not be any use

    I had no Idea about this so thanks, my Asus NAS is currently updating to the latest firmware with a whole lot of security patches included.

    I also have a QNAP NAS that hasn't been turned on in more than a year, at least I know it's secure Replaced it with the Asus and never decided what to do with it.
    Ryzen 2700X, 16Gb DDR4RAM, 512GB M.2 NVME SSD, MSI GTX1070

  5. #5
    Junior Member
    Join Date
    Aug 2005
    Location
    Wellington
    Posts
    435

    Default Re: Hacked by Deadbolt!

    Quote Originally Posted by zqwerty View Post
    Thanks, I had a look at that link. Problem is, it seems it will unlock the encrypted files, but that is not the issue for me. I need to be able to access the NAS setup software.

  6. #6
    Junior Member
    Join Date
    Aug 2005
    Location
    Wellington
    Posts
    435

    Default Re: Hacked by Deadbolt!

    Thanks. Yeah, I thought of that about 15 minutes ago.

    Problem solved? Unfortunately no, the reset button does a soft reset of the system, but does not affect the ransomware sitting there. I think need a factory reset, and this is provided for, but first you must log into the NAS and that is just what I can't do!

  7. #7
    Junior Member
    Join Date
    Aug 2005
    Location
    Wellington
    Posts
    435

    Default Re: Hacked by Deadbolt!

    Quote Originally Posted by dugimodo View Post
    Does yours have a reset button on the back ? should reset the password and network settings. See 2nd option here https://itenterpriser.com/how-to/how...r-asustor-nas/ worth a try maybe.

    Edit: I see the reset button can be disabled so might not be any use

    I had no Idea about this so thanks, my Asus NAS is currently updating to the latest firmware with a whole lot of security patches included.

    I also have a QNAP NAS that hasn't been turned on in more than a year, at least I know it's secure Replaced it with the Asus and never decided what to do with it.
    Thanks. Yeah, I thought of that about 15 minutes ago.

    Problem solved? Unfortunately no, the reset button does a soft reset of the system, but does not affect the ransomware sitting there. I think need a factory reset, and this is provided for, but first you must log into the NAS and that is just what I can't do!

  8. #8
    amateur expert dugimodo's Avatar
    Join Date
    Dec 2005
    Posts
    8,252

    Default Re: Hacked by Deadbolt!

    Trying to make sense of the Asus help pages here https://www.asustor.com/en/knowledge...=&group_id=628
    and here https://www.asustor.com/en/knowledge...6&group_id=630

    They make no mention of log in issues, just tell you to unplug the ethernet and power down by holding the power button for 3 seconds, then the next page walks you through the initialization and update of the NAS, maybe powering it down triggers that ?

    There is this farther down the second link

    If the ransomware page remains after you connect to a network:

    Please turn off your NAS, remove all hard drives and reboot.
    When the initialization page appears, reinsert the hard drives.
    Please follow the instructions above to update your NAS.
    this will wipe everything by the looks
    Ryzen 2700X, 16Gb DDR4RAM, 512GB M.2 NVME SSD, MSI GTX1070

  9. #9
    Junior Member
    Join Date
    Aug 2005
    Location
    Wellington
    Posts
    435

    Default Re: Hacked by Deadbolt!

    Quote Originally Posted by dugimodo View Post
    Trying to make sense of the Asus help pages here https://www.asustor.com/en/knowledge...=&group_id=628
    and here https://www.asustor.com/en/knowledge...6&group_id=630

    They make no mention of log in issues, just tell you to unplug the ethernet and power down by holding the power button for 3 seconds, then the next page walks you through the initialization and update of the NAS, maybe powering it down triggers that ?

    There is this farther down the second link



    this will wipe everything by the looks
    Thanks for that information. I looked at the links that you supplied, and my first impression was that were pretty opaque. I followed the procedures they mention (or at least my interpretation of them), and I must say that what I saw on my screen bore no relation to their diagrams. It was all to no avail, I'm afraid. Then I tried uninstalling the NAS controller software and reinstalling from the original CD. That came to halt when it asked me for a user-name and password - the name is 'admin', but I have no record of the default password (I wiped the password that I set yonks ago when I did the software reset earlier) and my attempts to guess it got nowhere.

    I see no point in flailing around any further. The NAS is 5 years old, so I will replace it and be bit more aggressive with the protection settings.

    One question that intrigues me is "Why me?" I don't really think I was targeted, so do the characters behind these events simply flood the web with their product that searches IP addresses for tell-tale signs that identify potential victims? Now, if Christopher Luxon wants to get tough on someone...

    Thanks to all who showed interest in this situation.

  10. #10
    VoidMaster
    Join Date
    Dec 2004
    Posts
    6,918

    Default Re: Hacked by Deadbolt!

    Most probably User: "admin" password: "admin" if it has reverted back to factory setup.
    It's not the least charm of a theory that it is refutable. The hundred-times-refuted theory of "free will" owes its persistence to this charm alone; some one is always appearing who feels himself strong enough to refute it - Friedrich Nietzsche

Similar Threads

  1. Been or being hacked ?!?!
    By SP8's in forum PressF1
    Replies: 3
    Last Post: 16-05-2009, 06:10 PM
  2. Been hacked ...
    By Geek4414 in forum PressF1
    Replies: 5
    Last Post: 14-09-2007, 11:35 PM
  3. Hacked
    By Peterj116 in forum PC World Chat
    Replies: 6
    Last Post: 12-11-2005, 01:47 PM
  4. Hacked.what do I do now?
    By bejand in forum PressF1
    Replies: 27
    Last Post: 11-10-2004, 04:28 PM
  5. Hacked!
    By in forum PressF1
    Replies: 0
    Last Post: 26-09-1999, 10:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •