Asustor NAS devices were hit by Deadbolt ransomware

Asustor, a NAS server manufacturer under ASUS, has been attacked by Deadbolt ransomware, and many users have reported on the ASUS Technology forum. From the screenshot, all the data on the NAS server is encrypted. When a user was infected by the ransomware, they will be prompted to pay 0.03 bitcoins to obtain the decryption key. If there is no decryption key, all data can only be destroyed.

Source: BleepingComputer.com

Unconfirmed sources claim that the attack on ASUSTOR’s NAS is somewhat different from QNAP, and Deadbolt ransomware may have been hacked through ASUSTOR’s Plex suite or EZ Connect. Plex is a very well-known server multimedia playback platform that users can install on NAS such as Synology, QNAP, and ASUSTOR.

In theory, as long as it is not exposed to the public network, the probability of being infected will be much smaller, because Deadbolt ransomware finds these NAS through public network scanning and then uses different vulnerabilities. ASUSTOR states that:

In response to Deadbolt ransomware attacks affecting ASUSTOR devices, the myasustor.com DDNS service will be disabled as the issue is investigated. ASUSTOR will release more information with new developments as we investigate and review the causes to ensure this does not happen again. We remain committed to helping affected customers in every way possible. For your protection, we recommend the following measures:

Change default ports, including the default NAS web access ports of 8000 and 8001, as well as remote web access ports of 80 and 443.

• Disable EZ Connect.
• Close Plex Ports and disable Plex.
• Make an immediate backup.
• Turn off Terminal/SSH and SFTP services.