The message that appears on affected Asustor NAS devices. | Image: Reddit user Patrick12289
Owners of various Asustor Network Attached Storage (NAS) device models took to Reddit and the company’s official forum today, alerting others of an active ransomware attack holding hostage their media libraries and other stored data (via Windows Central and Tom’s Hardware). At first, it was suspected that users using Asustor’s EZConnect configuration feature were vulnerable, but according to accounts from some affected Reddit users, they had the service turned off on their NAS.
The r/asustor community is keeping track of the available information here, and after cross-referencing the services on affected devices, suspect Plex as one of the possible attack vectors.
Asustor is actively investigating the ransomware attack, known as Deadbolt, and posted a blog on its site indicating that the myasustor.com Dynamic Domain Name Service (DDNS) has been disabled temporarily for safety. The company advises those not yet affected by Deadbolt to take the following preventative measures:
Change default ports, including the default NAS web access ports of 8000 and 8001, as well as remote web access ports of 80 and 443.
Disable EZ Connect.
Make an immediate backup.
Turn off Terminal/SSH and SFTP services.
But for those who were not lucky enough to protect themselves and have the unsavory ransomware message on the Asustor NAS GUI, the company advises to completely take it offline by taking the following measures:
Unplug the Ethernet network cable
Safely shut down your NAS by pressing and holding the power button for three seconds.
Do not initialize your NAS, as this will erase your data.
Fill out the form (here). Our technicians will contact you as soon as possible.
Ransomware attacks have been on the rise affecting a wide amount of people, including last year’s Colonial Pipeline attack that caused gas shortages and panic along the southeast coast, and also last Christmas’s attack on Kronos that could’ve left many people without paychecks.
Ransomware attacks targeting a niche consumer network product like Asustor NASs are not as high profile, but it does serve as a reminder to always keep your data backed up. In this case, people might lose a bunch of their media and lose their Plex servers, which have already suffered enough in 2022.