• March 18, 2024, 10:50:44 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Sharecenter - Cr1pT0r Ransomware Vulnerability WARNING!!!  (Read 10176 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Sharecenter - Cr1pT0r Ransomware Vulnerability WARNING!!!
« on: January 04, 2020, 12:34:12 PM »

ShareCenter Ransomware Vulnerability

OVERVIEW

  • Affected Devices: DNS-320, DNS-320L, DNS-323, DNS-325, DNS-327L, DNS-340L, DNS-343, DNS-345
  • Threat Overview: https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10110
  • Description: If the NAS is successfullu attacked it will encrypt file and demand the user pay a fee to have the decrypted.  Please upgrade to the latest firmware for your model. The only known way for these type of ransomware can be mitigated is to reformat you entire NAS which will result in the loss of all stored information.

STATUS

D-Link is currently investigating this issue.

BEST SOLUTION

The following are recommendations that will minimize the potential impact by this security threat until a fix is made available

  • Upgrade to the latest firmware available for your ShareCenter. (AND ONE OF THE FOLLOWING THREE OPTIONS)
  • Only use your ShareCenter while Internet access is disabled.
  • Shutdown your ShareCenter until a fix is availble.
  • Place your ShareCenter behind a hardware firewall

ALTERNATIVE SOLUTION (WILL MINIMIZE EXPOSURE BUT NOT 100% GUARANTEE OF SAFTEY)

The following approach will prevent direct attacks from the Internet, but will not protect your ShareCenter from an infected PC within your LAN:

If you own a D-Link router, use the ACCESS CONTROL feature to block direct attacks from the Internet. The ACCESS CONTROL feature allows you to blacklist the ShareCenter IP address, so it will be invisible/blocked from attacks from the Internet.
  • Upgrade to the latest firmware available for your ShareCenter
  • Assign a STATIC IP ADDRESS to your ShareCenter in your ROUTER (preferable) or from within the ShareCenter firmware
  • D-Link Router:  ADVANCED > ACCESS CONTROL
  • STEP 1: CHOOSE POLICY NAME:
    • Select Enable Access Control
    • Press Add Policy
    • Click Next
  • STEP 2: SELECT SCHEDULE:
    • Select Always (this will ensure the policy is always active)
  • STEP 3: SELECT MACHINE:
    • Address Type: IP
    • IP Address: Enter ShareCenter Static IP Address
    • Press Add
  • STEP 4: SELECT FILTERING METHOD:
    • Method: Block All Access
  • STEP 5:: Save settings and reboot router:
  • TEST: Test solution by pinging router from a device on the Internet that's not located in your LAN.  If you can succesffuly PING the ShareCenter, then the solution is not working.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.