2nd ransomware infection in 1 year
Hi,
I just suffered a second attack on my NAS542 in 1 year.
The first, infected with ransomware (.0xxx).
I had no choice but to format 2 hard drives out of the 4 hard drives present.
Fortunately nothing important, only archives.
But at the beginning of the week, new attack.
3 of my 4 hard drives were infected with .checkmate ransomware.
I turned to the technical support of Zyxel France.
And as an answer: product out of warranty so we will not help you.
And in addition, I am told that I am responsible for the security of my network and that I am responsible (indirectly) for the defects of this one.
I only opened port 21, to allow access to my files from the outside for the NAS542 and another Synology NAS.
Nothing more then.
Compared to the times and dates of infection, I compared with the logs of the nas, and nothing indicates a compromise of the user accounts.
I do not understand how your technical service in France clears itself of any problem.
I checked the 6 workstations (mac and windows) to determine if there were other infected hard drives and the other NAS.
No trace, only the infected NAS542.
So, I conclude that there is indeed a security breach present and I do not accept being told that I am entirely responsible for it.
Do you have a permanent solution to offer me or should I conclude that the NAS542 is obsolete and does not allow it to be shared safely?
The firmware is of course up to date, checked every month following the first attack.
Cordially
All Replies
-
Ransomware typically enters a network through social engineering attacks such as phishing emails or by exploiting vulnerabilities in software or operating systems.
Some types of ransomware will also attempt to spread laterally across the network to other machines and devices to infect as many systems as possible.
When the issue happens, it's important to clean all of the hard drives. Hard reset is required and reinstall the OS system as well.
The best way to protect from ransomware is to be cautious when opening emails or clicking on links from unknown sources.
0 -
You have to wipe the HDDs, factory reset, and re-add the disks.
1 -
Hi,
The only concern is that only Zyxel's NAS is affected and infected. Not the other NAS or the other 6 workstations.
The only concern is that there is a fault on this one, for lack of response from the technical service which, on the pretext that now the equipment is no longer guaranteed, they have nothing to do with it.
0 -
Alas yes, had no other choice.
I still backed up the corrupted data on an external HD, in case of a solution in the coming months, if that happens.
I also plan to quickly resell this NAS which is no longer secure enough.
0 -
Hi @brolysan13
It is generally recommended to reinstall the operating system on any device that has been infected with ransomware. This is because ransomware can be difficult to fully remove, and there may be hidden or residual malware that remains even after the ransomware is removed. Reinstalling the operating and network system can help ensure that all traces of the ransomware and any other malware have been removed from the device. However, it is important to make sure that you have a backup of any important data before reinstalling the operating system, as the process will erase all data on the device.
For the NAS, once the device gets polluted, please wipe the HDDs, factory reset, and re-add the disks.
You can refer to the article below to enhance your NAS security.
1 -
Good morning,
After discussion for several days with the pirates, I found a satisfactory solution to have the decryption of the data.
I even got the explanation of how they performed the encryption.
And I confirm, the NAS542 DOES have a security CONCERN.
This NAS will be quickly replaced by a Synology much more secure (and benefiting from the function which prevents hackers from accessing it).
Well the last time I use this Zyxel NAS.
0 -
Good morning,
That's exactly what I did during the first ransomware attack.
I didn't think it was going to happen a second time, surely only NAS542 was hacked and attacked. Not that of another brand nor the 6 fixed stations either. I think the NAS is no longer secure enough to be left with an open port for an outside connection.
0 -
And I confirm, the NAS542 DOES have a security CONCERN.
Can you elaborate on that?
1 -
Hi @brolysan13
CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed cybersecurity vulnerabilities and exposures.
Could you provide any specific CVE number associated with the security concern?
Knowing the CVE number will help us understand the nature of the vulnerability and provide better assistance.
0