It’s currently being reported that ASUSTOR NAS owners have been locked out of their enclosures without access to data saved on the installed drives. A DeadBolt ransomware attack is rendering ASUSTOR NAS useless after encrypting all available data and setting up an injected GUI.
NAS owners have taken to Reddit and the official ASUSTOR forum to try and work out what’s happening, what models are affected, how the ransomware is getting onto ASUSTOR enclosures, and what can be done if affected. Other NAS brands have been affected by ransomware in recent months, including QNAP and TerraMaster.
The DeadBolt ransomware attack encrypts data and switches out the GUI, leaving little for the NAS owner to do aside from regret not having a backup of the NAS at hand. It’s not currently known what models are unaffected, so it’s recommended to disconnect your ASUSTOR NAS immediately from the internet and back up everything.
Reports suggest that it doesn’t seem to matter if EZConnect is enabled and ASUSTOR hasn’t released any details on how the attacks are taking place. Affected NAS owners are being asked to provide 0.03 Bitcoin for an encryption key to be sent across. I don’t recommend you do so unless your data is incredibly important and ASUSTOR is unable to provide a solution.
Have you been affected by the ransomware attack? ASUSTOR recommends you follow the following steps:
- Disconnect the NAS from the LAN.
- Shut down the NAS (press and hold the power button for three seconds).
- Do NOT turn on the NAS once shut down.
- Fill out this Google Form for an ASUSTOR technician to respond and provide assistance.