TerraMaster NAS devices were compromised by ransomware on a large scale yesterday. Anyone who uses one should disconnect the NAS from the Internet as soon as possible.

Details: Urgent notice about TNAS being attacked by ransomware - TerraMaster Official Forum

At about 00:10 on January 11, 2022, TerraMaster’s NAS was attacked on a large scale across the country. The attacker’s IP I recorded was: 118.195.185.16. Obviously, mine was also attacked.

Yesterday I joined 360’s ransomware feedback group, and there were four or five other users who had been attacked within a minute or two of me, all of them on TerraMaster NAS devices. The port number has been changed from 5000 to another one, but IPs from unknown sources still attack the NAS from time to time. In the end, I had to cut off the NAS's Internet connection.

So I think: should TerraMaster take some responsibility this time? After this, who would dare to leave a TerraMaster NAS connected to the Internet in the future?
Was a weak password the reason? My NAS has five accounts in total.

But I checked and found that the files under the personal folders of all accounts had been encrypted with the extension .encrypt, so it can be seen that it was not because a password was cracked!

At the same time, I found that UPnP had never been turned on and FTP had never been turned on; only SSH and Telnet are turned on by default (I had not found out how to turn them off before), and the default admin account cannot be disabled at all!

I have 1.5T of data, and it took only about 8 hours from the breach to the completion of encryption of all files. Apart from files with certain extensions, which were not encrypted, 440,000 files were encrypted, about 1.3T in size. If I wanted to copy this data over the intranet, it would take at least 1 day.

At the same time, all registered NAS devices can be reached quickly through TerraMaster's official website using the preset device name. However, the official website could not be opened at noon yesterday, and it was not restored until the afternoon. It can be seen that the hackers probably broke into TerraMaster’s official website first, obtained all the device information, got hold of the device back door and then broke into the devices in a targeted way, running the ransomware encryption directly at the lowest level of the device. That is why the encryption was several times faster than my copying over the LAN!

Therefore, this responsibility should be borne by TerraMaster officials first!
Now, in order to save the data, I can only obediently buy the hacker’s data recovery key. Yesterday I found a seller on Taobao to help restore the data and buy the key. I have placed an order and paid 1.5W, and once the data has been backed up they will start helping me recover it.

The last thing I want to say is that I will never recommend or buy a TerraMaster NAS in the future, and all netizens should be vigilant!

Origin blog.csdn.net/jessezappy/article/details/122453103