Author Topic: Cr1ptT0r ransomware affecting NAS  (Read 5677 times)

0 Members and 1 Guest are viewing this topic.

Offline pdaviesoz

  • Newbie
  • *
  • Posts: 4
Cr1ptT0r ransomware affecting NAS
« on: March 01, 2019, 01:07:55 PM »
Anyone else been hit by this? Does Avast remove it? It affects D-Link DNS (Mine's a 300-L). Cannot get an answer from Avast if they even know about it.
« Last Edit: March 02, 2019, 03:26:56 AM by pdaviesoz »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
« Last Edit: March 06, 2019, 06:39:41 PM by Pondus »

Offline pdaviesoz

  • Newbie
  • *
  • Posts: 4
Re: Cr1ptT0r ransomware affecting NAS
« Reply #2 on: March 05, 2019, 12:36:49 AM »
Thanks Pondus,

I'm not sure how this helps. I clicked the Sample link and it says "analysis in progress", but I'm not sure what that means.

I ran Avast over the affected NAS disk, but it didn't detect the ransomware. How can we actually contact Avast and find out if there is a solve in the works?

PauLD

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Re: Cr1ptT0r ransomware affecting NAS
« Reply #3 on: March 06, 2019, 06:46:33 PM »
Quote
I'm not sure how this helps. I clicked the Sample link and it says "analysis in progress", but I'm not sure what that means.
Try click again, and you should see avast detect sample from the bleeping computer article


====================================================
Old firmware is a sitting duck

Details are scarce at the moment, but BleepingComputer forum members offer information suggesting that the attack vector is most likely vulnerabilities in old firmware. A member of the Cr1ptT0r team confirmed this to us, saying that there are so many vulnerabilities in D-Link DNS-320 NAS models that they should be built from scratch to make things better.
======================================================


Contact   https://www.avast.com/en-eu/contacts



Offline pdaviesoz

  • Newbie
  • *
  • Posts: 4
Re: Cr1ptT0r ransomware affecting NAS
« Reply #4 on: March 09, 2019, 05:29:35 AM »
Ok, but I ran a scan with Avast and it didn't detect it.
Confused

Offline yann_pinaroli

  • Newbie
  • *
  • Posts: 1
Re: Cr1ptT0r ransomware affecting NAS
« Reply #5 on: March 09, 2019, 06:50:29 PM »
I have the same issue and AVAST didn't detected anything on my NAS !!!
Did you find a way to remove it and restore your files ?

Offline Vladimirz

  • Avast team
  • Jr. Member
  • *
  • Posts: 26
Re: Cr1ptT0r ransomware affecting NAS
« Reply #6 on: March 13, 2019, 04:08:48 PM »
If problem (malware) is in firmware you can't detect file on disk.
Upgrade firmware - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10110 and erase/format your disk. You can backuped your decrypted data, but there are no keys, so decryptor is not yet available. Check this alfa procedure: https://resolverblog.blogspot.com/2019/03/de-cr1pt0r-tool-cr1pt0r-ransomware.html but according to author: "this is not a solution".