Using an Asustor NAS? Shut it down immediately!


Userlevel 7
Badge +6

Hi everyone,

Quick one here due to time sensitivity. Deadbolt, the ransomware that has previously been utilised to attack QNAP NAS devices, has been used to attack Asustor NAS devices.

Looks like there’s an exploit in the EZ Connect system, so advice is currently to disconnect the NAS from the internet and disable this service on the NAS.

https://www.tomshardware.com/news/if-you-own-an-asustor-nas-shut-it-down-now

The official Reddit mega thread has been poring through the services that could’ve exploited the NAS whilst Asustor are looking into this.

Even Asustor’s live demo page got impacted! (Won’t post a link due to potentially malicious content, it’s in the Reddit thread if anyone is feeling brave/stupid)

I’ve been affected, what do I do?

Shut down the NAS immediately; this will prevent further ransomware damage.

Do not initialise the NAS or you’ll lose your data on your disks.

Await further updates from Asustor for the OS remediation steps. At this point you’ll likely need to utilise your own backups of data to restore anything lost.

I’ve not been affected, what should I do?

The attack is still ongoing. Disconnect your NAS from the internet if you’re 100% sure you haven’t been compromised, and if in any doubt at all, switch the device off and await further information about how the attack is being carried out, that Asustor have prevented further attacks, and the steps to mitigate future attacks.


14 comments

Userlevel 7
Badge +5

Thank you @MicoolPaul for sharing. 

To enhance NAS security (keep NAS devices secure and shield against future attacks), kindly follow these guides for a series of recommendations and best practices.

Userlevel 7
Badge +6

Wow that is quite the vulnerability. Hopefully no one here gets hit by this and follows the good advice given.

Userlevel 7
Badge +3

Thank you @MicoolPaul for sharing!

Userlevel 7
Badge +4

Thank you @MicoolPaul for sharing! :scream:

Userlevel 7
Badge +5

Never heard about the “Asustor” brand. Thanks for sharing @MicoolPaul

With QNAP’s story it was disastrous, the forced update by the vendor on an already corrupted NAS...

Userlevel 7
Badge +6

With all those security issues with NAS boxes, it's probably best not to publish such devices directly to the internet at all…

Userlevel 6
Badge +1

Had one client with an AsuSTOR.  Thing decided to stop working one day…..still need to try and get the data off of the disks but I need to be able to rebuild the 8 SATA drive array.  I’ll stick with Synology, or better yet, purpose-built servers instead of a NAS.

Userlevel 7
Badge +6

> Had one client with an AsuSTOR.  Thing decided to stop working one day…..still need to try and get the data off of the disks but I need to be able to rebuild the 8 SATA drive array.  I’ll stick with Synology, or better yet, purpose-built servers instead of a NAS.

The amount of times a Dell based Windows Storage Server has been cheaper than a “proper” business grade Synology is surprising!

@regnor hearing talk of people just having the services enabled and UPnP is doing the forwarding. Sounds like people with Plex enabled have been port scanned potentially and then attacked via a vulnerability on the EZ-Connect service. But it’s still a developing situation so take this with a pinch (really a handful) of salt
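
An added example, not part of the thread: for the UPnP forwarding mentioned in the comment above, this parses the mapping table printed by miniupnpc's `upnpc -l` and lists every port the router forwards to the NAS. The sample output, the NAS address 192.168.1.50, the ports and the descriptions are constructed for illustration.

```python
import re

# Row layout printed by miniupnpc's `upnpc -l`:
#  i protocol exPort->inAddr:inPort description remoteHost leaseTime
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(text):
    """Return one dict per port-mapping row found in `upnpc -l` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and status lines do not match and are skipped
            rows.append({
                "proto": m["proto"],
                "ext_port": int(m["ext"]),
                "host": m["host"],
                "int_port": int(m["int"]),
                "desc": m["desc"],
            })
    return rows

def exposed_on(text, nas_ip):
    """Mappings that forward internet-facing ports to the NAS address."""
    return [r for r in parse_mappings(text) if r["host"] == nas_ip]

# Constructed sample of `upnpc -l` output (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 32400->192.168.1.50:32400 'Plex Media Server' '' 0
 1 TCP  8001->192.168.1.50:8001  'NAS web UI' '' 0
 2 UDP 51413->192.168.1.23:51413 'Torrent client' '' 0
"""

if __name__ == "__main__":
    # 192.168.1.50 is the assumed LAN address of the NAS.
    for r in exposed_on(SAMPLE, "192.168.1.50"):
        print(f"{r['proto']} {r['ext_port']} -> "
              f"{r['host']}:{r['int_port']} ({r['desc']})")
```

Any row returned for the NAS address is a service reachable from the internet without a manual port forward; turning off UPnP on the router or on the NAS removes it.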

Userlevel 7
Badge +6

Agree, the NAS boxes are great for private use. I have a QNAP box at home which is running for 11 years without problems now.

But in professional environments with higher requirements they are a horror...

Userlevel 7
Badge +6

> Agree, the NAS boxes are great for private use. I have a QNAP box at home which is running for 11 years without problems now.
>
> But in professional environments with higher requirements they are a horror...

I recycled my NAS a few years ago as it didn’t support any SMB newer than v1! 🤣

Userlevel 6
Badge +1

>> Agree, the NAS boxes are great for private use. I have a QNAP box at home which is running for 11 years without problems now.
>>
>> But in professional environments with higher requirements they are a horror...
>
> I recycled my NAS a few years ago as it didn’t support any SMB newer than v1! 🤣

I have an old Intel NAS that won’t do NFS v3, and the SMB/CIFS is really slow.  But I also have a DS218+ that works great using NFS.  I just got another, so I might do some shared storage on iSCSI, but debating since it’s only a 2-bay unit.

Userlevel 6
Badge +1

> The amount of times a Dell based Windows Storage Server has been cheaper than a “proper” business grade Synology is surprising!

True story.  We tend to do R540’s if we need a few drive bays, or R440’s or even R340’s if we only need a couple and not much compute. If we need a LOT of drive bays, we do a T640 in either a rack or tower config with 18 bays.  In really small deployments like a ROBO a T40 or T140 fit the bill.  And the pricing over a NAS with hard drives, no refresh lifecycle, no enterprise support…...the Dell should win out every time.

Userlevel 7
Badge +6

>> The amount of times a Dell based Windows Storage Server has been cheaper than a “proper” business grade Synology is surprising!
>
> True story.  We tend to do R540’s if we need a few drive bays, or R440’s or even R340’s if we only need a couple and not much compute. If we need a LOT of drive bays, we do a T640 in either a rack or tower config with 18 bays.  In really small deployments like a ROBO a T40 or T140 fit the bill.  And the pricing over a NAS with hard drives, no refresh lifecycle, no enterprise support…...the Dell should win out every time.

Ok, but do you use these for important data? There is not much redundancy in them.

A proper storage system has two controllers, a lot more disks and Interfaces.

I use the server as storage for small environments or less important data only.

What do you think about this?

Userlevel 7
Badge +6

>>> The amount of times a Dell based Windows Storage Server has been cheaper than a “proper” business grade Synology is surprising!
>>
>> True story.  We tend to do R540’s if we need a few drive bays, or R440’s or even R340’s if we only need a couple and not much compute. If we need a LOT of drive bays, we do a T640 in either a rack or tower config with 18 bays.  In really small deployments like a ROBO a T40 or T140 fit the bill.  And the pricing over a NAS with hard drives, no refresh lifecycle, no enterprise support…...the Dell should win out every time.
>
> Ok, but do you use these for important data? There is not much redundancy in them.
>
> A proper storage system has two controllers, a lot more disks and Interfaces.
>
> I use the server as storage for small environments or less important data only.
>
> What do you think about this?

For non-enterprise it makes a lot of sense. You’ve still got a proper RAID controller, SAS drives and either RAID 6 or 60 available. Can focus on redundancy via SOBR instead.
