• March 28, 2024, 01:26:54 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2] 3

Author Topic: Ransomware Infects D-Link NAS Devices  (Read 21746 times)

arisermpo87

  • Level 1 Member
  • *
  • Posts: 7
Re: Ransomware Infects D-Link NAS Devices
« Reply #15 on: February 25, 2019, 10:03:57 AM »

Ok! I'll do it! Thanks for all the help.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Ransomware Infects D-Link NAS Devices
« Reply #16 on: February 25, 2019, 10:25:03 AM »

Keep an eye on your system and back ups.

 ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

iker

  • Level 1 Member
  • *
  • Posts: 3
Re: Ransomware Infects D-Link NAS Devices
« Reply #17 on: February 25, 2019, 12:45:49 PM »

What version of FW are you using?

The use user did mention "My Dlink NAS is a DNS-320LW (the White version of more widespread DNS-320L with full firmware compatibility), and I must confess that I had not updated the firmware so it should be a basical 1.01."

So at this stage anything was possible.

Since v1.11 is most currently we can only hope that users would and should be already on this version of FW and would help avoid this kind of compromise.

I am already on the lastest version, I meant that I hope that the attack was on not updated versions so updated devices are safe.

For those with DMZ enabled you should disable it and only forward the ports you neet to be accesed from the internet (I only have opened the ports needed for transmission addon), with DMZ you are basically forwarding all the ports to your NAS and that is a very bad idea. And always have an offline backup of the important files.

Good luck to the affected
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Ransomware Infects D-Link NAS Devices
« Reply #18 on: February 25, 2019, 01:13:24 PM »

So far, seems to be either older FW versions or units placed in host routers DMZ. Which is not recommended.

Thanks for posting.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

sibigr

  • Level 1 Member
  • *
  • Posts: 2
Re: Ransomware Infects D-Link NAS Devices
« Reply #19 on: February 26, 2019, 02:51:45 AM »

Hello. Same problem with 320L hit by cr1ptt0r, I have lost all my files, this is a disaster, I used the 320L at work. I contacted dlink greece and they didn't help, they don't know how. I didn't have the latest firmware but I have updated it 2-3 times since I bought the nas. I read at forums that many users with the 320/320L have been hit by this ransomware virus. I need the files desperately, years of work and memories have been locked. What can I do? Someone please help!
« Last Edit: February 26, 2019, 08:44:59 AM by sibigr »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Ransomware Infects D-Link NAS Devices
« Reply #20 on: February 26, 2019, 06:56:47 AM »

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Kiwacka47

  • Level 1 Member
  • *
  • Posts: 2
Re: Ransomware Infects D-Link NAS Devices
« Reply #21 on: February 26, 2019, 07:44:09 AM »

Its legit.  Happened to me.
12 years of photos now locked away along with more.

I can tell you I have not updated the FW in a long time so that sucks.
With this being so new, I'm just going to shelve the drives for now and wait for one day to get my photos and video's back.

Logged

sibigr

  • Level 1 Member
  • *
  • Posts: 2
Re: Ransomware Infects D-Link NAS Devices
« Reply #22 on: February 26, 2019, 08:11:36 AM »

FYI:
Link>D-Link NAS Owner's :: Regarding CripTor Ransomware

Great, their suggestion is to format the drives, are they serious?? What kind of support is that? This is totally unacceptable, I bought this dlink NAs so as to have my files safe and now this happened, dlink ruined me.

Now I have to pay a criminal 1200$  to take my files back with no guarantee at all, because of dlink. They should find a way to unlock our files, dlink is responsible for this, I trusted them for my files safety and I lost all my files!! Why do they sell NAS devices if they are not safe and they cannot offer support?
« Last Edit: February 26, 2019, 08:17:47 AM by sibigr »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Ransomware Infects D-Link NAS Devices
« Reply #23 on: February 26, 2019, 10:41:58 AM »

An alternative to keeping NAS on line LAN side:
"If users put their DNS on a static IP address, they can go into the router "Access Control" section and put the DNS IP on a blacklist, so it will be invisible to the Internet. That will block 100% of direct attacks, but doesn't help if an infected PC on a LAN hits the DNS."
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Ransomware Infects D-Link NAS Devices
« Reply #24 on: February 26, 2019, 11:17:12 AM »

Do a search with your favorite search engine and you might find fixes to this:
"Cr1ptT0r Ransomware"

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Kiwacka47

  • Level 1 Member
  • *
  • Posts: 2
Re: Ransomware Infects D-Link NAS Devices
« Reply #25 on: February 26, 2019, 01:18:58 PM »

After doing a search for Cr1ptT0r ransomware comes up with the same solution over and over but not of the software can scan the D-Link NAS.

Considering trying some date description software to see if it can recover the files from the NAS.

Anyone else have any luck so far?
Logged

JavaLawyer

  • BETA Tester
  • Level 15 Member
  • *
  • Posts: 12190
  • D-Link Global Forum Moderator
    • FoundFootageCritic
Re: Ransomware Infects D-Link NAS Devices
« Reply #26 on: February 26, 2019, 05:48:32 PM »

Please see the following post for recommendations regarding the ransomware vulnerability: http://forums.dlink.com/index.php?topic=74600.msg301549#msg301549
Logged
Find answers here: D-Link ShareCenter FAQ I D-Link Network Camera FAQ
There's no such thing as too many backups FFC

NBS

  • Level 1 Member
  • *
  • Posts: 1
Re: Ransomware Infects D-Link NAS Devices
« Reply #27 on: February 28, 2019, 06:13:30 AM »

Our NAS also infected on 26.02. We upgraded the firmware and disconnected it from the internet, but the data still encrypted...
The company hold 3 days ago! How can we get our data back???
Logged

pecirepi

  • Level 1 Member
  • *
  • Posts: 2
Re: Ransomware Infects D-Link NAS Devices
« Reply #28 on: February 28, 2019, 12:53:53 PM »

I have same situation, my dns-320 affected and all data encrypted on volume 1 (25.2.2019) and backup volume 2 backed up same day in midnight. My question is is there anyone who try to recover files, is it possible to use any of the tools to recover from backup volume. Since this volume is used only once a day during backup. MY DEVICE DNS-320 FIRMWARE 1.02. Latest for this hardware on d-link website.
Inside 2 hdd drives from WD WD30EZRX  3TB DRIVES.
Any help will be appreciated. This is binary files mostly, job of last 15 years destroyed.
Thank you.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Ransomware Infects D-Link NAS Devices
« Reply #29 on: February 28, 2019, 02:18:32 PM »

What region are you located?
Latest if v1.11: http://forums.dlink.com/index.php?topic=73863.0

I have same situation, my dns-320 affected and all data encrypted on volume 1 (25.2.2019) and backup volume 2 backed up same day in midnight. My question is is there anyone who try to recover files, is it possible to use any of the tools to recover from backup volume. Since this volume is used only once a day during backup. MY DEVICE DNS-320 FIRMWARE 1.02. Latest for this hardware on d-link website.
Inside 2 hdd drives from WD WD30EZRX  3TB DRIVES.
Any help will be appreciated. This is binary files mostly, job of last 15 years destroyed.
Thank you.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.
Pages: 1 [2] 3