Quick one here due to time sensitivity. Deadbolt, the ransomware that has previously been utilised to attack QNAP NAS devices, has been used to attack Asustor NAS devices.
Looks like there’s an exploit in the EZ Connect system, so advice is currently to disconnect the NAS from the internet and disable this service on the NAS.
The official Reddit mega thread has been pouring through the services that could’ve exploited the NAS whilst Asustor are looking into this.
Even Asustor’s live demo page got impacted! (Won’t post a link due to potentially malicious content, it’s in the Reddit thread if anyone is feeling brave/stupid)
I’ve been affected, what do I do?
Shut down the NAS immediately, this will prevent further ransomware damage.
Do not initialise the NAS or you’ll lose your data on your disks.
Await further updates from Asustor for the OS remediation steps. At this point you’ll likely need to utilise your own backups of data to restore anything lost.
I’ve not been affected, what should I do?
The attack is still ongoing, disconnect your NAS from the internet if you’re 100% sure you haven’t been compromised and if in any doubt at all, switch the device off and await further information about how the attack is being carried out, that Asustor have prevented further attacks, and the steps to mitigate future attacks.