2022 is shaping up to be the year of NAS DeadBolt ransomware attacks. I’ve covered the ransomware attack on QNAP enclosures, but it seems as though TerraMaster was next in line to receive a battering. The company shared details on its official community forum on the matter, confirming reports have been sent in from NAS owners.
Firstly, it’s best you check your TerraMaster NAS to ensure you’ve not been affected by this attack. If you’re good to go, I strongly recommend reading up on my guide for how to protect against ransomware and checking what TerraMaster recommends through TOS. And make sure TOS is up to date with the latest security patches applied.
After studying this ransomware, we have fixed the vulnerabilities in the TOS system that may be exploited by the ransomware. We will continue to work hard to improve the security of the TOS system and release updates in time.
TerraMaster
According to the forum post, it appears as though TerraMaster has already patched the vulnerabilities that allowed this attack to take place on TOS-powered NAS enclosures. If you have been affected and are indeed locked out of your data, there are some tools available that may be able to lend an assist.
I’d also recommend following communications on the official TerraMaster forum. You’re not alone and the company is well aware of the situation. Here’s hoping there will be swift action that gets the files returned to those affected without needing to fork out for decryption keys.
It’s not yet known how the ransomware managed to infiltrated TOS, though I’d wager it to be UPnP or some other feature that handles external connections. Should you have important data saved on your NAS enclosures, it may be a good time to consider just how important it is to have access outside your LAN.
Even the best NAS can be affected by ransomware if you’re not careful with how you configure and run your network. Be safe out there.
