• October 13, 2024, 03:33:14 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: D-Link NAS Owners :: Regarding CripTor Ransomware  (Read 13857 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
« Last Edit: March 15, 2019, 07:35:38 AM by GreenBay42 »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: D-Link NAS Owners :: Regarding CripTor Ransomware
« Reply #1 on: February 26, 2019, 10:17:37 AM »

If you have a D-Link NAS device:

1. Make sure you have the latest firmware  (USA - support.dlink.com    Rest of world - tsd.dlink.com.tw)
2. REMOVE NAS FROM THE INTERNET
3. Backup your files
4. Make sure you have latest OS updates on your computers.
5. Run malware and anti-virus scans on your computers. This ransomware can get delivered via your computer to your NAS.
6. Update your browsers (especially Chrome).

Note:  If you have important "my life will be ruined if I lose these" files, BACK THEM UP....twice. NEVER EVER EVER have important files available via Internet or in cloud storage.

Affected devices - DNS-320, DNS-320L, and DNS-325.  Note that firmware fixes WILL NOT restore your encrypted files.

For DNS-320 Ax/Bx users, a security patch firmware version will be available soon. Until it is available, please disable the port forwarding service and DMZ setting on your router to prevent direct access by the ransomware.

D-Link DNS-325 has passed its end of service date as displayed on its product support page. Once a product is end of service, it is no longer supported by D-Link through customer support and it does not receive software/firmware updates. For these models, please remove the Internet access of NAS on your router by disabling the port forwarding and DMZ setting.
« Last Edit: March 15, 2019, 07:36:08 AM by GreenBay42 »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: D-Link NAS Owners :: Regarding CripTor Ransomware
« Reply #2 on: February 26, 2019, 10:36:37 AM »

An alternative to keeping NAS on line:
"If users put their DNS on a static IP address, they can go into the router "Access Control" section and put the DNS IP on a blacklist, so it will be invisible to the Internet. That will block 100% of direct attacks, but doesn't help if an infected PC on a LAN hits the DNS."

Do a search with your favorite search engine and you might find fixes to this:
"Cr1ptT0r Ransomware"
« Last Edit: February 26, 2019, 11:50:11 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: D-Link NAS Owners :: Regarding CripTor Ransomware
« Reply #3 on: April 11, 2019, 12:43:32 PM »

Firmware has been released to fix the Cr1pT0r ransomware virus. Note this or any firmware will NOT recover encrypted files.

Rev A1 / A2 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVA/DNS-320_REVA_FIRMWARE_v2.06B01.zip

Rev B1 / B2 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVB/DNS-320_REVB_FIRMWARE_v1.03B01.zip
« Last Edit: April 18, 2019, 10:23:41 AM by GreenBay42 »
Logged