D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-320 => Topic started by: GreenBay42 on April 11, 2019, 12:46:21 PM

Title: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: GreenBay42 on April 11, 2019, 12:46:21 PM
Firmware has been released. This or any firmware will NOT recover encrypted files

Rev A1 / A2 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVA/DNS-320_REVA_FIRMWARE_v2.06B01.zip (ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVA/DNS-320_REVA_FIRMWARE_v2.06B01.zip)


Rev B1 / B2 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVB/DNS-320_REVB_FIRMWARE_v1.03B01.zip (ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNS-320/REVB/DNS-320_REVB_FIRMWARE_v1.03B01.zip)
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: Carloroma63 on May 12, 2019, 05:50:29 AM
Thanks,
installed without problem, I'd like to known if this release include only Cr1pT0r fix or also other feature and/or bug fixes?
Thanks

Carlo
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: FurryNutz on May 13, 2019, 06:32:47 AM
The release notes only mention 1. Fixed Cr1ptT0r ransomware security issue - login_mgr.cgi allows attackers pipe commands to the user.log
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: j-marcelo on May 24, 2019, 05:11:35 AM
Hello!
I upgraded my DNS 320 A1 from version 2.00 to 2.06B01.
So far so good!
Thanks!
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: FurryNutz on May 24, 2019, 06:27:44 AM
Enjoy.  ;)
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: yanjian on July 24, 2019, 12:27:09 PM
I finally tried upgrading my DNS-320 A1 from version 2.00 to 2.06B01 but unfortunately, even though the upgrade process appeared to be successful, the NAS was no longer accessible after it rebooted.  Here are the symptoms:

- Web UI admin console no longer accessible
- The NAS never seems to reboot successfully - the power LED stays flashing blue the whole time and no longer changes to solid blue
- The NAS is no longer accessible from Windows Explorer via "\\192.168.1.x"
- The NAS still responds to ping, although it does seem to take a much longer time for it to respond

I'm afraid that I've bricked it :(  Did anyone run into similar issues?  Any help is much appreciated!
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: FurryNutz on July 24, 2019, 12:43:05 PM
Be sure your accessing the correct IP address for the DNS as it may have changed.

Have you factory reset the DNS and then tryto connect to it's web page with a web browser?



I finally tried upgrading my DNS-320 A1 from version 2.00 to 2.06B01 but unfortunately, even though the upgrade process appeared to be successful, the NAS was no longer accessible after it rebooted.  Here are the symptoms:

- Web UI admin console no longer accessible
- The NAS never seems to reboot successfully - the power LED stays flashing blue the whole time and no longer changes to solid blue
- The NAS is no longer accessible from Windows Explorer via "\\192.168.1.x"
- The NAS still responds to ping, although it does seem to take a much longer time for it to respond

I'm afraid that I've bricked it :(  Did anyone run into similar issues?  Any help is much appreciated!
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: yanjian on July 25, 2019, 10:20:23 AM
Yes, I confirmed that the IP address didn't change.  I tried doing a factory reset but that didn't seem to do anything.  In fact, the NAS wouldn't even shut down when I tried holding down the power button for a few seconds while the power LED was still flashing blue - I had to unplug the power to shut it down.  The power LED would never turned solid blue after bootup like it used to do - it almost seems like it's stuck on something at bootup, of course I have absolutely no idea what it's getting stuck on :(
I even tried pulling out the hard drives and boot it up without the drives in - still the same behavior and the web interface is not accessible :(
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: FurryNutz on July 26, 2019, 06:17:34 AM
Try a factory reset with out the drives installed. Hold the reset button for 10 seconds then let go...

Yes, I confirmed that the IP address didn't change.  I tried doing a factory reset but that didn't seem to do anything.  In fact, the NAS wouldn't even shut down when I tried holding down the power button for a few seconds while the power LED was still flashing blue - I had to unplug the power to shut it down.  The power LED would never turned solid blue after bootup like it used to do - it almost seems like it's stuck on something at bootup, of course I have absolutely no idea what it's getting stuck on :(
I even tried pulling out the hard drives and boot it up without the drives in - still the same behavior and the web interface is not accessible :(
Title: Re: DNS-320 Rev Ax/Bx - Cr1pT0r ransomware firmware fix
Post by: yanjian on July 26, 2019, 09:30:05 PM
Thanks for the suggestion - doing factory reset without the drives did work to a point that the NAS is now able to boot up to solid blue power LED after ~1 min without the drives (and the web interface accessible).  However, once I tried putting the drives back in and power it up, it's the same issue again - I cannot run the setup wizard to reconfigure the NAS because it's still stuck on the flashing blue power LED light (with the drives in it) and the admin console is apparently inaccessible when the NAS is in that state  :(

I believe the drives are good though, as I was able to read it via a Linux reading utility and read the data out from the drives (I had RAID 1 set up before).  I'm wondering if I should reformat both drives and try again, although reloading the data would be a very time consuming process.