Looking for information on how to deal with this deadbolt mess? Absolutely. Looking for a "well you should've had a backup somewhere" preach? I highly doubt that...dosborne wrote: ↑Mon Aug 15, 2022 8:55 pmThis is not criminal hacker tech support, this is QNAP community support. As there is no "fix" for this ransomware, the only solution that can be offered is to help people with data recovery and planning to prevent the next attack. It cannot be said enough, therefore this *IS* the place. Many users come here specifically to read about Deadbolt and need the information on creating a backup plan for the future.qsurenot wrote: ↑Mon Aug 15, 2022 5:20 pmYes we ALL understand the importance of backups but this is neither the time nor place for this great advice for several reasons:dosborne wrote: ↑Fri Aug 12, 2022 10:29 am Lesson 1 - have a backup strategy that fits with your data
Lesson 2 - spend an hour reading about *ALL* the devices on your network and learn the basic steps to secure them. (At least sign up for security notices about vulnerabilities)
These lessons may not help you *today* (as there really is no help to be given since you either take the data loss, or restore from backup, or pay the ransom) but they are critical for the day you get your system running again either from a complete reset or from decryption. If you don't learn these lessons, you are still vulnerable. Whatever you did to allow the attack should be resolved now, before anything else or there is no point.
We are trying to help you, so that you aren't back in the same situation in 3 months.
Read the posts about people being hit with multiple waves of ransomware that even paying for the key does not help recover all files.
1. By definition a NAS is often THE BACKUP device for many users. for the majority of people who just wanted a safe place for their photos and files.
True and spend possibly hours doing all of that again AT NO FAULT of yours other than using a terrible vendor with a joke of a process for securing their products.Great. Then their original data is safe and unaffected. Secure the network, remove the malware, make a new backup. No data loss.
Agreed and one of the most important things you can do to secure your network is do your research and try to pick decent/reputable brands who take security seriously. THEN perhaps we can talk about backup plans. As for UPnP, great point: why did QNAP have it on by default? (and have it buried in configuration settings with a non-standard name to boot?) I could see a router vendor doing it because that's a use case for routers but what use case is it for a NAS device especially coming from a vendor with shoddy security practices? Was it the "get to your files from ANYWHERE using myQnapCloud" advertised all over the place? So now they're disabling it after this fiasco, why wasn't it disabled to begin with?"Contributing" - perhaps, but ultimately the security of YOUR network is YOUR responsibility. If your router locked down UPnP for instance, which many as finally disabling by default, then the ransomware would not have affected so many NAS users. Shouldn't you be "blaming" your router manufacturer instead (or as well) then?4. And similarly to #3, it's not the ransom paid by the victims that's putting us collectively in danger, it's vendors like QNAP with horrific security controls and QA for their products that are putting us all in danger.
TL;DR: It's not my router or my network security or my backup plans or what I had for dinner that resulted in this mess. It is a poorly designed NAS device made by QNAP with a zero day vulnerability. Simple as that.
