ech0raix
All Replies
-
@Macace
Hello
I went to my local PC shop and bought two new hard disks.
1 Before mounting the HDs in my NAS 542, I removed all old HDs,
2 Made a factory reset (once again) and updated firmware to ABAG.15.
3 Mounted the two brand-new HDs and powered up. (100% clean HDs)
4 After power up, selected RAID 1 (two HDs)
5 All looked OK: logged in, changed password, checked both HDs were installed correctly.
6 BUT, after 10 minutes, something strange happened:
Both HDs were very busy, the LEDs were flashing very fast. (Maybe it is normal?)
I was a little worried, so I made checks/screen dumps of the log file.
Log (Partly):
Approximately 12 minutes after power up:
Class: backup Severity: info Message: zysync server v2.00 starting, listening on port 873
Approximately 20 minutes after power up:
Class: user Severity: notice Message: Add new user zin7hcFg_V07- - - -
After the above, I checked the NAS542 registered users:
#1: admin System default user (After factory reset)
#2: pc-guest Guest (After factory reset)
#3: zyxel@"My e-mail addr" Cloud user (Automatic add-on user after power-up?)
I am a little surprised by user #3; I used this mail address for Zyxel registration 8 years ago? (Not since; I normally open a specific mail address for companies.)
After a factory reset, I expected all this setup to be totally cleared?
After approximately 25 minutes, I powered the NAS542 down because of a bad feeling that something was wrong!
I have removed both new HDs and made a new factory reset, so now I am on standby once again.
What happened inside this NAS542?
0 -
Hello
I have removed the automatically generated Cloud User as follows:
Go to the MyZyxel Cloud website and disconnect your NAS from the MyZyxel service.
After this, uninstall the MyZyxel App on the NAS. After this, the Cloud User should be removed automatically after a short time.
I have one of the 10 NAS that did not delete the Cloud User after this, but it is not the infected one. I don't know why.
After the new information, I think the Cloud User is not the main problem. With the new FW it should be safe at the moment. But for how long?
0 -
Today, 25.07.2024, C3RB3R encrypted my ech0raix-encrypted file.
So. Zyxel DO SOMETHING!!!
Find a solution for US.
Or, did you give access to these pirates?
1 -
How is this possible?
Did you install the newest firmware after the first infection and disable all internet access for the NAS after the update?
Of the 13 NAS that I have in service, only one was infected. After that I did the update and closed internet access completely for the other 12. There are currently no more problems.
There is no way to decrypt the files. Paying the hackers is a 50:50 chance.
In your case, if I understand correctly, your files are now double-encrypted. In my opinion, delete everything and use your backup.
0