Users of Asustor network attached storage (NAS) devices are now vulnerable to the DeadBolt ransomware that had recently locked up the data for some QNap users.
The cyber criminals behind it are asking for ransom from affected users to decrypt the files as well as from Asustor itself, for a master key that would unlock the files for all users.
So far, Asustor has released a recovery firmware to unlock the NAS devices and protect against future attacks. However, this won’t recover the data, which is usually more valuable.
Asustor has advised users to back up their data, especially in separate devices, so that they have a copy that they can get back to.
However, it is also time to reconsider one feature that NAS and home networking devices have included in recent years- remote access. Without this, the Deadbolt ransomware cannot be as easily installed on victims’ devices.
Asustor has advised users to change some settings, such as the default HTTP/HTTPS ports (8000 and 8001 respectively), as well as Web server ports (80 and 433).
Rightly, it has also advised users to turn off terminal/SSH and SFTP services and other services you don’t use.
Today’s retail NAS devices are often servers running Linux, so if you use your NAS primarily for storage, you should turn off the other features.
If you do not connect to your NAS remotely, say when you are working outside your home, there’s also no reason to open it up to an external user from outside your home network.
For many users, this means not opening a port on your router or gateway and forwarding traffic to your NAS.
Hackers scan for vulnerabilities across many Net-connected devices at one go – you don’t want them to detect your NAS behind your router and find a vulnerability on it.
Indeed, this advice on remote access should apply to other network devices at home, including your network router, which today often comes with mobile app access.
If you don’t need to connect to a connected device from outside your home network, simply disable it. This would help reduce the attack surface that is at risk.
Even if you do need to log in from time to time, say, when you are working at a cafe or while overseas, you should try to open up remote access only during that period, thus reducing the exposure.
Always make sure that your devices are updated regularly, of course, and have the data backed up securely (you don’t want that stolen, either!).
