D-Link Forums

Announcements => Security Advisories => Topic started by: FurryNutz on February 26, 2019, 07:04:26 AM

Title: D-Link NAS Owners :: Regarding CripTor Ransomware
Post by: FurryNutz on February 26, 2019, 07:04:26 AM
FYI:
Link > D-Link NAS Owners :: Regarding CripTor Ransomware (https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10110)
Title: Re: D-Link NAS Owners :: Regarding CripTor Ransomware
Post by: GreenBay42 on February 26, 2019, 10:17:37 AM
If you have a D-Link NAS device:

1. Make sure you have the latest firmware (USA - support.dlink.com (http://support.dlink.com); Rest of world - tsd.dlink.com.tw (http://tsd.dlink.com.tw))
2. REMOVE NAS FROM THE INTERNET
3. Back up your files
4. Make sure you have the latest OS updates on your computers.
5. Run malware and anti-virus scans on your computers. This ransomware can get delivered via your computer to your NAS.
6. Update your browsers (especially Chrome).

Note: If you have important "my life will be ruined if I lose these" files, BACK THEM UP....twice. NEVER EVER EVER have important files available via Internet or in cloud storage.

Affected devices - DNS-320, DNS-320L, and DNS-325. Note that firmware fixes WILL NOT restore your encrypted files.

For DNS-320 Ax/Bx users, a security patch firmware version will be available soon. Until it is available, please disable the port forwarding service and DMZ setting on your router to prevent direct access by the ransomware.

D-Link DNS-325 has passed its end of service date as displayed on its product support page. Once a product is end of service, it is no longer supported by D-Link through customer support and it does not receive software/firmware updates. For these models, please remove the NAS's Internet access on your router by disabling the port forwarding and DMZ settings.
Title: Re: D-Link NAS Owners :: Regarding CripTor Ransomware
Post by: FurryNutz on February 26, 2019, 10:36:37 AM
An alternative to keeping NAS online:
"If users put their DNS on a static IP address, they can go into the router "Access Control" section and put the DNS IP on a blacklist, so it will be invisible to the Internet. That will block 100% of direct attacks, but doesn't help if an infected PC on a LAN hits the DNS."

Do a search with your favorite search engine and you might find fixes to this:
"Cr1ptT0r Ransomware"
Title: Re: D-Link NAS Owners :: Regarding CripTor Ransomware
Post by: GreenBay42 on April 11, 2019, 12:43:32 PM
Firmware has been released to fix the Cr1ptT0r ransomware virus. Note this or any firmware will NOT recover encrypted files.

Rev A1 / A2 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVA/DNS-320_REVA_FIRMWARE_v2.06B01.zip

Rev B1 / B2 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVB/DNS-320_REVB_FIRMWARE_v1.03B01.zip