TerraMaster NAS attacked by ransomware

Ensure your TerraMaster NAS is updated and protected against ransomware.

TerraMaster announced in January that the company’s NAS range and TOS operating system may be susceptible to ransomware attacks. This is yet another popular NAS manufacturer confirming attacks have taken place in the past year or so. TerraMaster shared details on how to safeguard enclosures and recover data.

The announcement was made on January 11. We’re a little late to the party but wanted to get something covered on our end to make sure everyone is aware. The company was made aware by NAS owners that data was encrypted by external forces and as such acted promptly by recommending the following measures:

  1. Upgrade your TOS to the latest version.
  2. Install good anti-virus software on your computer, TNAS device and router to help you detect and resist malicious threats.
  3. Disable port forwarding on your router.
  4. Disable the UPnP function on your TNAS.
  5. Disable RDP, SSH and Telnet when not in use.
  6. Set a high security level password for all users.
  7. Disable the system default admin account, re-create a new admin account, and set an advanced password.
  8. Enable firewall and only allow trusted IP addresses and ports to access your device.
  9. Avoid using default port numbers 5443 for HTTPS and 8181 for HTTP.
  10. Enable automatic IP block on your TOS Control Panel to block IP addresses with too many failed login attempts.
  11. Backing up data is the best way to deal with malicious attacks; always back up data, at least one backup to another device. It is strongly recommended to adopt a 3-2-1 backup strategy.

Should you have already been affected by ransomware, TerraMaster recommends that computers and NAS servers are disconnected from the internet immediately. It’s then important you adequately scan connected PCs and NAS servers to remove all traces of infection and reformat NAS drives to deploy a backup.

Even the best NAS are not immune to ransomware attacks and it’s certainly something to bear in mind when your server is connected to the outside world. It’s not recommended you pay any ransom to recover data as it’s still not 100% guaranteed to work. Always have multiple backup copies of all your data.

TerraMaster is working on TOS 5.0, which is currently in the preview phase and is expected to launch sometime in 2022. Discussions on this issue are currently ongoing on the TerraMaster forum, should you require further assistance.

By Richard Edmonds

Richard has been covering the technology industry for more than a decade. He has spent more time tinkering inside a PC chassis than anywhere else, for better or worse.

Leave a Reply

Your email address will not be published. Required fields are marked *

To help keep the lights on, we may earn a commission for purchases using links to buy recommended products.