Avast WEBforum

Consumer Products => Avast Mac Security => Topic started by: pdaviesoz on March 01, 2019, 01:07:55 PM

Title: Cr1ptT0r ransomware affecting NAS
Post by: pdaviesoz on March 01, 2019, 01:07:55 PM
Anyone else been hit by this? Does Avast remove it? It affects D-Link DNS (Mine's a 300-L). Cannot get an answer from Avast if they even know about it.
Title: Re: Cr1ptT0r ransomware affecting NAS
Post by: Pondus on March 01, 2019, 09:04:23 PM
Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems
https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-infects-d-link-nas-devices-targets-embedded-systems/


Sample
https://www.virustotal.com/#/file/9a1de00dbc07271a27cb4806937802007ae5a59433ca858d52678930253f42c1/detection

Title: Re: Cr1ptT0r ransomware affecting NAS
Post by: pdaviesoz on March 05, 2019, 12:36:49 AM
Thanks Pondus,

I'm not sure how this helps. I clicked the Sample link and it says "analysis in progress", but I'm not sure what that means.

I ran Avast over the affected NAS disk, but it didn't detect the ransomware. How can we actually contact Avast and find out if there is a solve in the works?

PauLD
Title: Re: Cr1ptT0r ransomware affecting NAS
Post by: Pondus on March 06, 2019, 06:46:33 PM
Quote
I'm not sure how this helps. I clicked the Sample link and it says "analysis in progress", but I'm not sure what that means.
Try clicking again, and you should see Avast detect the sample from the BleepingComputer article.


====================================================
Old firmware is a sitting duck

Details are scarce at the moment, but BleepingComputer forum members offer information suggesting that the attack vector is most likely vulnerabilities in old firmware. A member of the Cr1ptT0r team confirmed this to us, saying that there are so many vulnerabilities in D-Link DNS-320 NAS models that they should be built from scratch to make things better.
======================================================


Contact: https://www.avast.com/en-eu/contacts


Title: Re: Cr1ptT0r ransomware affecting NAS
Post by: pdaviesoz on March 09, 2019, 05:29:35 AM
Ok, but I ran a scan with Avast and it didn't detect it.
Confused
Title: Re: Cr1ptT0r ransomware affecting NAS
Post by: yann_pinaroli on March 09, 2019, 06:50:29 PM
I have the same issue and AVAST didn't detect anything on my NAS!!!
Did you find a way to remove it and restore your files?
Title: Re: Cr1ptT0r ransomware affecting NAS
Post by: Vladimirz on March 13, 2019, 04:08:48 PM
If the problem (malware) is in the firmware, you can't detect a file on disk.
Upgrade the firmware - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10110 and erase/format your disk. You can back up your decrypted data, but there are no keys, so a decryptor is not yet available. Check this alpha procedure: https://resolverblog.blogspot.com/2019/03/de-cr1pt0r-tool-cr1pt0r-ransomware.html but according to the author: "this is not a solution".