
NAS Buyers Guide 2022 – A Handy Guide for NAS Beginners

8 June 2022 at 01:33

NAS Brands in 2022 – Get it Right, FIRST TIME!

If you have been looking to purchase your first NAS drive, or are looking at upgrading the system that you have been using in your home/office for the last few years, then it is understandable that it is A LOT to get to grips with. Network Attached Storage has evolved incredibly over the last few years and has gone from a rather niche area of the I.T industry into something that pretty much all users can benefit from in their daily lives. With the monthly/annual subscription costs of cloud storage providers (such as Google Cloud, AWS, DropBox and Microsoft OneDrive) getting higher, as well as the size of our daily data skyrocketing, making the switch from rented 3rd party cloud space to your very own NAS server in-house makes A LOT of sense. It becomes even more compelling when you add in the full range of software, services and features that modern NAS includes (Plex, AI Photo Recognition, Surveillance, VMs, Hybrid backup-n-sync and more), but like any area of technology – NAS can become a complicated and confusing subject. Every year for the last 5 years I have produced a guide on modern NAS brands, the best solutions you can get right now and how the brands have improved/declined, ultimately creating an idiot's guide to choosing the right NAS solution for your needs, right FIRST TIME. In this, the 2022/2023 edition, we have seen a huge increase in 2.5GbE network solutions, improvements in M.2 NVMe technology and all of the popular NAS brands introducing improvements in their server software. So, what are you waiting for? Here is my guide to Network Attached Storage in 2022. Use the chapters below to skip ahead and I hope this helps you choose the right solution for your needs.


Is a NAS and a Server the Same Thing?

You will often hear people use the word NAS and the word Server differently. Both are exceedingly similar and often interchanged, but there are some teeny tiny historical differences between them. The word server can sometimes bring out a cold sweat in the less technically minded or IT experienced, but in reality, it is a pretty harmless term. A server is a piece of hardware (like a computer) or software (so a program that runs on a computer) that manages, shares and controls data (pictures, videos, word documents, PDFs etc) for a number of people who wish to access them (these are called ‘clients’). That is it. Sure, there are much more complex and expensive servers that are designed to communicate with other servers or computers without human intervention – but in essence, they are all the same thing. Now where a regular server will give access to your users/clients via your internal network (router or switch), a NAS Server does the same, but it opens up a whole area of accessing it over the internet too. Different NAS servers provide different results and speeds and typically are designed with individual purposes in mind (i.e. some are designed with media playing in mind, some with faster backing up and others with Surveillance recordings with CCTV IP Cameras). So first and foremost you have to make sure that the NAS you buy is designed for the tasks you have in mind. A fork and a Spoon are both cutlery, but you wouldn’t eat soup with a fork (maybe a spork). Traditional bare-metal servers have the option of remote internet access, but nowhere near as intuitively, or with the focus on user-friendliness, that NAS systems provide.

What is a NAS Drive?

Network Attached Storage, with the exception of casual 3rd party cloud use, is currently the most popular means to store, access, share and distribute data across your home, your city and the rest of the world. It provides you with the means to:

  • Access your Multimedia on Network devices over DLNA
  • Backup all your devices easily and at a time of your choosing, wire-free
  • Stream Media over the internet, anywhere in the world
  • Share files securely and with full control of how and when they are accessible
  • Centralize the storage of your data in one location
  • Create Bespoke tiered backup solutions that fit your own needs

Choosing between Synology, QNAP, WD, Drobo, Netgear, Thecus and Asustor NAS

Let’s get our hands dirty and start working out what is the best NAS for you. All the brands have a different target audience in mind and each has its own Pros and Cons. However, all of them support a number of similar abilities, software and network basic functionality. So before we talk about what is better or worse about each NAS brand, let’s look at what they all have in common:

Applicable to all

  • All are compatible with Mac, Windows, Android and Linux
  • All arrive with a selection of included applications and services for tailored data access
  • All can be purchased Worldwide and feature regular security updates and firmware improvements
  • All can be accessed via Mobile apps available via Google Play and iTunes, though there are more on some other brands than others
  • All can be accessed via your web browser – like Chrome, Opera, Safari, and…sigh… Windows Explorer
  • All use SATA HDD and SSD, with some having SAS enterprise options too
  • All work via the network and can be accessed worldwide over the internet
  • 3rd Party applications like PLEX, KODI and APPLE TIME MACHINE are supported
  • All arrive DLNA certified, so they can be accessed by your PS4, PS5, Xbox Series X/S, Xbox One, Smart TV or Sonos system to play media
  • All are either WiFi-enabled or can have a WiFi dongle attached – though your speeds will suffer
  • All when purchased NEW arrive with a warranty of at least 2 years and in many cases more

Why Not Use Cloud Services like Google Drive, OneDrive or Dropbox instead of a NAS?

Do not think that 3rd party cloud services are bad, they really aren’t! In fact, you should always consider adding a 2nd or 3rd tier into your backup strategy at home/work, and synchronization of files/folders on your NAS with the cloud is a good means to ensure you have another backup in place. Additionally, most NAS feature a variety of 256bit encryption options, password protection, 2 step verification and more to ensure secure access to the NAS and the content, even via the cloud. Additionally, big NAS brands like Synology and QNAP have been supporting Hybrid Cloud services that not only allow cloud storage to be bolted onto your NAS storage for shared usage and access, but both brands also support backup and synchronization with cloud collaboration services, such as Google’s G Suite and Microsoft’s Office 365. So there is DEFINITELY still a valid and useful place for 3rd party cloud services in 2022, however, I rarely advocate the use of these cloud services as a PRIMARY storage location. They ARE convenient and you can get a limited amount of space included for free, but I generally have three core reasons that I do not recommend cloud as a first-tier storage.

COST – Most 2 year subscriptions cost about the same as if you just purchased even a small scale NAS on day 1. It might seem like just 5 or 10 bucks a month, but over 2 or 3 years, it all adds up and moreover, after that time you either need to keep on paying every month or still buy a NAS or DAS system for the data to live on. Might as well buy the NAS sooner rather than later as it will be inevitable eventually.

ACCESS – NAS provides more apps, file-level tailored use and can be better adapted into popular 3rd Party applications like PLEX, KODI, APPLE TIME MACHINE and DLNA supported devices. A cloud provider severely limits the kind of access you have on a regular basis.

PRIVACY – NAS provides full individual user control and access, as well as admin controls. Plus the NAS can be fully disconnected from the Internet/Network at your discretion. A cloud provider has a relative pre-set safety protocol that, when cracked on one or two occasions, opens up mass hacking.

This is not to say that data on your NAS is completely inaccessible. Any NAS brand can only really stay 1 step ahead of the hackers, patching exploits as they are found (no different than any online service really), but a NAS is a means to create a secure, customizable and ultimately bespoke data storage solution.

Why Choose Synology NAS? Advantages and Disadvantages


Likely one of the two NAS brands you have heard of, Synology NAS is the company that invests HEAVILY in its software – and it shows. It may seem one of the most expensive, but with it, you get some genuine boundary-breaking software with your purchase. You still get a great level of hardware in the majority of Synology NAS solutions, but the real draw of Synology is that software. Not only does it support your own hardware environment of PCs, Macs, entertainment devices and mobiles in their own respective software, but DSM also includes MANY applications designed around keeping all your data IN-HOUSE. So, replace Skype/Whatsapp with Synology Chat, replace Google Docs and Office365 with Synology Office. Use Synology Drive to make your storage visible and accessible the way YOU want it, and export your entire cloud/data network over to a Synology NAS and remove all the external access as and when you need! They aren’t the cheapest and they want you to do it ‘their way’, but it’s a pretty decent way. Additionally, their recent DSM 7.0 software has left many users impressed, with enhanced support of those 3rd party cloud storage and business services, AI photo recognition, their surveillance platform continuing to win awards and even an in-house cloud service in Synology C2. Stylizing themselves very much as the ‘Apple’ of this industry, they really do focus on keeping things straightforward and intuitive.

PROS of Synology NAS

  • Easily the most intuitive and usable browser-based GUI (award-winning DSM 6.2/7.0/7.1)
  • One of the best Surveillance NAS software solutions
  • Most popular vendor for Mac users for its UI
  • Incredibly feature-rich NVR software included, in Surveillance Station
  • Includes Active Backup Suite – Enterprise level and fully featured Backup Co-ordination software
  • Lowest Power Consumption vs other brands
  • A large # of their systems arrive with m.2 NVMe SSD caching upgrade bays
  • Quiet chassis compared with other brands
  • Task specialised Ranges like ‘PLAY’, ‘PLUS’ and ‘J’ make buying easier
  • The best range of first-party software, with Synology Office, Chat, Mail, Drive and more
  • SHR and SHR-2 – also BTRFS available in most solutions
  • Cloud Services available in Synology C2
  • Desktop and Rack-mount options are available
  • Best software for Home and SMB

CONS of Synology NAS

  • Often the most expensive
  • Recent Enterprise NAS Hardware has changed Compatibility in favour of Synology HDDs and SSDs
  • Generally, Synology NAS has the lowest hardware power in their systems
  • NVMe SSD Bays are for caching ONLY, they cannot be used for super-fast storage pools
  • More technically minded folk will need to dig a little to get to the nitty-gritty
  • SHR is not available on Enterprise NAS Systems
  • Network ONLY – no HDMI, Audio in/out, Thunderbolt, etc

Synology DS220J NAS – $180

4-Core ARM 64bit CPU – 512MB Memory – 1GbE – 2-Bay

RECOMMENDED – Synology DS920+ – $535

4-Core Intel 64bit CPU – 4/8GB Memory – 1GbE – 4-Bay –  NVMe

Synology DS1621XS+ NAS – $1899

4-Core Intel Xeon 64bit CPU – 8/16GB Memory – 10GbE – 6-Bay –  NVMe



Why Choose QNAP NAS? Advantages and Disadvantages


Often considered the choice for the more hardware-aware buyer, if you are looking for much more traditionally computer-associated hardware – QNAP NAS is certainly the one that springs to mind. Generally considered the ‘innovators’ of the NAS industry, they have the largest range of solutions available. Notwithstanding the fact that their hardware is by FAR the most evolved platform in NAS (thunderbolt 3, multiple HDMI, 10Gbe standard solutions, Silent NAS, AI solutions and advanced SSD caching), the platform is fantastically diverse, providing great NAS options alongside network switches, network adapters and generally reshaping your hardware environment for the better. The software has also evolved dramatically into its own beast, moving away from trying to imitate and carving its own path. It is a little more technical (and I really do mean a little) but it is far more rewarding for it. They do not feature some popular items in their portfolio, such as BTRFS or a fluid RAID system like SHR/BeyondRAID, but make up for this with their own range of alternatives and in most cases succeed. Get your reading glasses on though, as their range is quite vast and might overwhelm you a tad. In recent years the brand has shifted focus a great deal more towards software in efforts to close the gap with their rival Synology, to pretty good success. This is often achieved by releasing software that does the previously impossible before anyone else, but lacking a little of the polish of their biggest rival. Recent achievements with HybridMount, vJBOD, HyperVisor Protector, QuMagie and Multimedia Console have been received remarkably well, arriving onto the scene 1-2 years before anyone else. Alongside this, QNAP still has easily the best virtual machine and backup software for home and SMB in Virtualization Station and Hybrid Backup Sync.

PROS of QNAP NAS

  • Best Solutions for Plex Media Server in NAS
  • Enterprise/Business Solutions feature ZFS
  • 2.5Gbe, 5Gbe and 10Gbe Options
  • Best Virtual Machine and Container Solutions in NAS
  • NVMe SSD Bays can be used for Caching, Storage Pools or Tiered Storage Configurations
  • Almost all range is metal in design, or a plastic but unique chassis
  • HDMI and remote control included in most Media NAS devices
  • Thunderbolt NAS options covering TB2, TB3 and even TB4 (TS-464)
  • Two Surveillance Solutions (with 4/8 Camera Licenses included)
  • The Best Backup/Synchronization solution in ‘Hybrid Backup Sync 3’
  • Technical information far more readily available
  • Lower price compared with Synology in terms of hardware
  • Regularly updated software and Detailed GUI/APPs
  • Desktop and Rackmount options are available
  • Much better business options and definitely the best for virtual machines

CONS of QNAP NAS

  • A more android feel towards apps and stability means some users will be put off
  • Lacking the BTRFS and SHR support of Synology
  • Higher typical Power consumption
  • Often a fraction noisier due to chiefly metal chassis
  • Much larger range of devices can lead to confusion
  • Most units arrive with 2-3 Years warranty, but longer will cost you more
  • Have been targeted by Ransomware attacks in the last 2 years

QNAP TS-233 NAS – $205

4-Core ARM 64bit CPU – 2GB Memory – 1GbE – 2-Bay

RECOMMENDED – QNAP TS-464 – $599

4-Core Intel 64bit CPU – 4/16GB Memory – 1GbE – 4-Bay

QNAP TVS-872XT NAS – $2200

4/6-Core Intel Core 64bit CPU – 8/64GB Memory – 10GbE – 8-Bay



Why Choose Asustor NAS? Advantages and Disadvantages


Another brand that was once a little on the fringe until around 2018, Asustor NAS has really upped their game in recent years, arriving with some impressively affordable 10Gbe solutions with the AS40 series, followed with the very well received Nimbustor 2 & 4 devices, and is now absolutely killing it with the Lockerstor series. Certainly a brand that wants to carve its place in the industry, the ASUS-connected brand currently offers software features and functionality of Synology (BTRFS and Realtek integrated Processors) along with QNAP-challenging hardware in HDMI 2.0a and 2.5Gbe default network ports (which they introduced first). Combined with a much cleaner and significantly improved software GUI in ADM, this means they have moved much beyond the slightly scrappy outsider vibe they had years ago. Recent additions to the range, such as the LockerStor, have even included NVMe SSD bays and Xeon powered hardware, so the evolution clearly continues. The software does feel like a good middle ground between Synology and QNAP, even if missing the killer apps and hardware that gave them their market share (Thunderbolt3, SHR, Collaboration Suite, etc), and a number of their newer releases arrive at a good chunk of $£ lower in price than comparative NAS from others (often more than 10-15% lower in fact).

PROS of Asustor NAS

  • Great Price vs Hardware – Often one of the lowest Prices Hardware solutions available
  • Recent Lockerstor Gen 2 Releases are Incredible Value for the Hardware
  • BTRFS Support
  • First Brand to Adopt 2.5Gbe Commercially
  • Nice software and still supports Kodi (unofficially), something slowly being pulled from other NAS Software stores
  • Good selection of Home and Business NAS devices
  • Early Adopter of HDMI 2.0a – so 4K at 60FPS and have their own HDMI GUI in Asustor Portal
  • VM deployment and Container Support not dissimilar from QNAP, only not quite as flash
  • Noise is pretty low on most home devices like the Nimbustor 2/4
  • More Apps are available on the NAS app store, more than QNAP and Synology
  • Product Naming is easier to follow than most brands

CONS of Asustor NAS

  • Mobile Apps are very functional but appear a little sparse
  • Many HDMI apps seem to be simplified web portals, rather than standalone applications
  • Browser-based GUI does not feel quite as smooth as Synology DSM, but on par with others
  • The Surveillance Center application feels very dated and less intuitive than most
  • Have been targeted by Ransomware attacks in the last 2 years

Asustor Drivestor 2 NAS – $165

4-Core ARM 64bit CPU – 1GB Memory – 2.5GbE – 2-Bay

RECOMMENDED – Asustor LockerStor4 G.2 – $550

4-Core Intel 64bit CPU – 4/16GB Memory – 2.5GbE – NVMe – 4-Bay

Asustor LockerStor 10 Pro NAS – $1299

4-Core Intel 64bit CPU – 8/32GB Memory – 10G+2.5G – NVMe – 10-Bay



Why Choose WD NAS? Advantages and Disadvantages


Although they have been a little quiet in terms of their hardware output recently, WD NAS is a brand that has been around for years (though most know them as a hard drive brand) and Western Digital NAS drives are a firm favourite among students and low-level storage solutions. They have a number of solutions in their WD My Cloud range that support light home users all the way to industry-level business users who want robust storage. The software may seem a little sparse and a far cry from Synology and QNAP, but they provide a straightforward and clear setup. They WILL seem limited to anyone familiar with Synology/QNAP, but they certainly have a place in the industry. With user-friendly support of Apple Time Machine, Plex and DLNA – they are a great starter NAS with pre-populated options to make them extra affordable.

PROS of WD NAS

  • Popular HDD Vendor too, with expertise on their side
  • Often pre-populated so all warranty is covering Drives+NAS
  • Pre-populated NAS options result in better price for storage overall
  • Very fast set-up and can be deployed within 30 mins
  • Small+compact – featuring some of the lowest noise and power consumption of all
  • 3-year warranty on most units
  • Some units have 2 x PSU ports for Redundancy

CONS of WD NAS

  • EXT4 only
  • Have been VERY Quiet in NAS hardware in the last 12-18 Months
  • Barely any mobile apps and relies on 3rd party mobile apps to connect over IP/Network settings
  • Smaller App selection in app store
  • Limited User Interface
  • No HDMI, 10GBe, only USB 3.0 and 1GBe RJ45
  • Often much lower specs than Synology and QNAP
  • VERY small range
  • Desktop Only – No rackmount or Larger options

WD MyCloud EX2 NAS – $159

2-Core ARM 32bit CPU – 512MB Memory – 1GbE – 2-Bay – Inc Drives

RECOMMENDED – WD MyCloud Pro – $450

4-Core Pentium CPU – 4/8GB Memory – 1GbE – 4-Bay – Inc Drives

WD MyCloud EX4100 NAS – $349

4-Core ARM 32bit CPU – 2GB Memory – 1GbE – 4-Bay – Inc Drives



Why Choose TerraMaster NAS? Advantages and Disadvantages

One brand that I have always had a personal love for is TerraMaster. This is purely subjective and should be taken with a pinch of salt, but for a brand that no one really knows about, they give A LOT of the key features that other bigger brands advertise a lot. BTRFS support is available on pretty much ALL the Intel-based devices, they feature one of the ONLY 4 LAN 2-Bay NAS’, along with an Intel N5105 based 10Gbe 2, 4, 5 and 8-Bay solution and a particularly unique 2 HDD 10GbE system. Arriving with a thunderbolt DAS range too, Terramaster is a NAS brand that has evolved comparatively quickly and although for the most part, they are only available via Amazon, this has still allowed them to be a recognizable brand. Typically in a like for like hardware comparison with them and companies like Synology/QNAP, you will find them better value for money, and the software (though less diverse or slick than those two big brands) is still pretty smooth and intuitive. The chassis design is a little underwhelming, but even that has improved in recent revisions. All in all, they are the best budget NAS solution out there in 2022 and a good entry point into NAS.

PROS of TerraMaster NAS

  • Great Price vs Hardware
  • VERY Fast Brand Evolution
  • TOS 5 Software introducing Surveillance, FluidRAID, AI-Powered photo Recognition and Isolation Mode
  • Added a LARGE 2.5GbE selection of NAS in their portfolio
  • Hugely Improved GUI and Client apps
  • BTRFS available as file system choice
  • Desktop and Rackmount options
  • Similar Hardware to QNAP and Asustor, but at a Lower Price
  • Straightforward range and classification
  • Very Straightforward Setup

CONS of TerraMaster NAS

  • Very Few Mobile Apps
  • Not quite as polished or fully featured as Synology/QNAP
  • Despite Business targeting, very poor support of 10GBe till recently in the F2-423
  • A little dated design
  • Arrives with Warranty, but the turnaround is slower than many
  • Have been targeted by Ransomware attacks in the last 2 years

Terramaster F2-423 NAS – $289

4-Core Intel 64bit CPU – 4/32GB Memory – 2.5GbE – 2-Bay

RECOMMENDED – Terramaster F5-422 – $599

4-Core Intel 64bit CPU – 4/16GB Memory – 10GbE – 5-Bay

Terramaster T12-423 12-Bay NAS – $1399

4-Core Intel 64bit CPU – 4/32GB Memory – 2.5GbE – NVMe – 12-Bay




Why Choose Buffalo NAS? Advantages and Disadvantages

One brand that has danced with the home NAS industry, but is pretty much now exclusively business, is Buffalo. This brand is one that provides a number of key elements that businesses love. Robust and Rugged hardware design, Empty or Pre-Populated NAS solutions, Customizable Warranty options, Windows Server Pre-Installed Solutions, 10Gbe at an affordable Price and just generally being an enterprise/Business solution through and through. They lack the sexy/indie vibe of other brands, but that is not their target demographic – they want the user who wants storage that is simple, reliable and ‘setup and forget’. This means that on the face of it, they will seem quite pricey, but that is because you have to factor in the inclusion of hard drives, the service+support and the industrial level construction.

PROS of Buffalo NAS

  • Great Price vs Hardware for Business Users
  • Fantastically Rugged Construction
  • Lowest Priced 10Gbe Solutions
  • Can be purchased pre-populated, so warranties are all covering
  • Desktop and Rackmount options
  • Similar Hardware to Netgear, but at a Lower Price
  • Straightforward range and classification
  • EXCELLENT Windows Storage Server NAS devices, with inbuilt Windows Server 2016 for FAST deployment
  • Better Standard Warranty Length and more bespoke Recovery/Destroy options available
  • Easier and more customizable Warranty Extension options

CONS of Buffalo NAS

  • Very Few Mobile Apps
  • Availability outside of U.S and Japan is low
  • More focused on Business Users
  • Poor power consumption and dated design
  • Weak CPU choices on the whole
  • Lacks some more modern NAS innovations introduced by QNAP, Synology and more

Why Choose Netgear NAS? Advantages and Disadvantages


One brand that has probably the longest history in network solutions is Netgear – pretty much ANYONE has heard of them, whether it was because your first switch/router came from them, or because they have such a squeaky clean reputation. The NAS solutions, much like Buffalo, are very industry-focused, but arrive with a few more features in the GUI department than them. Also arriving with pre-populated options and a diverse warranty structure, they do give a lot to business users. They may seem a little ‘blah’, but what they lack in sizzle, they make up for in sausage.

PROS of Netgear NAS

  • Huge Mac and Windows Support
  • Fantastic Network configuration options
  • Rugged and sturdy metal design
  • Often longer warranties than other brands like-for-like
  • Can be purchased pre-populated, so warranties are all covering
  • Supports usual RAID levels, as well as X-RAID and X-RAID 2 – Expandable RAID volumes not unlike SHR
  • Desktop and Rackmount options

CONS of Netgear NAS

  • High price Tag
  • Releases are very few and far between
  • Despite Business targeting, very poor support of 10GBe
  • Small App selection
  • Limited User Interface
  • REALLY confusing range
  • Not designed for a newbie – and larger units may need a dedicated IT guy
  • High power consumption and not the quietest

Should you buy Budget NAS brands like D-Link or Zyxel?

It should be highlighted that there are more NAS brands available than the ones discussed today. With each passing year more and more brands release their own NAS server for home and business use. However, in many cases, they are either too unreliable, too low on support and features, too technical for anyone with below-bill-gates depth of knowledge or, most importantly of all, arrive from a brand without an established reputation. When it comes to buying the right network-attached storage device, you need to know that what you are buying works, as well as knowing that the manufacturer will be there in the event of a problem. Likewise, you are most likely trusting this brand with your most precious data (some photos and videos are irreplaceable) and from data loss to data theft, choosing the right NAS brand is essential.


Dirty Pipe Linux Vulnerability – What Do Synology, QNAP, Asustor & Terramaster NAS Owners Need to Know?

16 March 2022 at 01:10

Dirty Pipe Linux Weakness and Why You and your Linux Based NAS Should Care?


For those that might not be aware, a vulnerability in Linux kernel 5.8 and above was publicly disclosed last week by Max Kellermann, together with a proof of concept demonstrating the weakness. Tracked under CVE-2022-0847, it effectively allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root. This Linux vulnerability is reported to be comparable to the Dirty CoW vulnerability found in Linux from 7 years ago (CVE-2016-5195), where an exploit was used for pushing malware onto software services. Full details on the public disclosure and demonstration of the vulnerability by Kellermann can be found here, but the larger impact of this is that there are many, MANY different software platforms around the world that utilize Linux as the base of their systems and, alongside Android and smart home appliances, one big advocate of Linux kernel-based development is NAS storage providers in their systems and services. Now, on the plus side, Linux was incredibly quick to implement a patch on this and the vulnerability has been closed on Linux kernels 5.16.11, 5.15.25, and 5.10.102. However, most NAS servers use different versions of the Linux kernel, as well as rolling out updates to their varied hardware systems in a more bespoke fashion. This leads to them potentially running outdated kernels and leaving a door open to this exploit, posing a significant issue to server administrators. We fully expect NAS brands to roll out updates where appropriate/applicable shortly to close this vulnerability. However, one consistent thread in the past, when some NAS brands have been hit by ransomware/malware exploits, is that vulnerabilities found in older software revisions were left unchecked by the end-user (ignoring brand updates or practising unsafe network security).
So today, let’s discuss the dirty pipe vulnerability, how/if it affects Synology, QNAP, Asustor and Terramaster NAS platforms right now and what you should do right now to avoid any exploits being used on your system.


What is Dirty Pipe?


In brief, Dirty Pipe is a vulnerability in Linux Kernel 5.8 onwards that allows local users to inject their own data into sensitive read-only files, removing restrictions or modifying configurations to provide greater access than they usually would have. This was first registered and made publicly known by Max Kellermann, and he gives an incredibly concise and detailed breakdown of the vulnerability, how he found it and its implications in this article by him.


“It all started a year ago with a support ticket about corrupt files. A customer complained that the access logs they downloaded could not be decompressed. And indeed, there was a corrupt log file on one of the log servers; it could be decompressed, but gzip reported a CRC error. I could not explain why it was corrupt, but I assumed the nightly split process had crashed and left a corrupt file behind. I fixed the file’s CRC manually, closed the ticket, and soon forgot about the problem. Months later, this happened again and yet again. Every time, the file’s contents looked correct, only the CRC at the end of the file was wrong. Now, with several corrupt files, I was able to dig deeper and found a surprising kind of corruption. A pattern emerged,” Kellermann said.


A short while afterwards, a security advisor by the name of BLASTY followed this up with an easier method of executing it, which was also publicly disclosed, highlighting just how much easier it made gaining root privileges by patching the /usr/bin/su command to drop a root shell at /tmp/sh and then executing the script. In practice, this means a user can gain admin authentication and system powers, and can then execute malicious commands on the system.

Dirty Pipe PoC (https://t.co/ql5Y8pWDBj) works beautifully. 🤑pic.twitter.com/OrRYJE5skC


— blasty (@bl4sty) March 7, 2022



These can range from malware to (increasingly more likely) a ransomware action that would encrypt the contents of the system and demand a fee for its decryption. Now, the nature of this exploit at this time (for systems that have not or cannot update to the latest patched Linux kernels 5.16.11, 5.15.25 and 5.10.102 right now) is still limited, as it would only be usable in the event of a targeted attack and/or would need a further utility or application in the system to execute the follow-up command. The extent to which this affects NAS drives from the popular off-the-shelf private server providers is actually surprisingly diverse, and a big part of that comes down to how each NAS brand is utilizing Linux. More precisely, different NAS brands run their NAS system software on differing Linux kernels that they update over time, and individual systems in their respective portfolios (for reasons of hardware and utility) also run slightly different revisions of Linux for their software, e.g. Synology and DSM, QNAP and QTS, Asustor and ADM, etc. So, how does this affect each NAS brand, if at all?

What is the Impact of Dirty Pipe on Synology NAS?



By the looks of things, Synology NAS and DSM 7/7.1 are not susceptible to the Dirty Pipe vulnerability. This is largely down to the Diskstation Manager software and services running on Linux kernel 4.4 (this will vary in subversion depending on the Synology NAS solution). The vulnerability is found in version 5.8 onwards, and even if Synology update their platform to this Linux revision in the near future, they would also use the patched revisions and therefore avoid the weakness. Indeed, in a bold move by the brand themselves, an official Synology rep on the /synology subreddit made it abundantly clear (zero ambiguity) that the Synology NAS platform and DSM7 were not going to be touched by this:



This is further highlighted by the brand’s security advisory not even acknowledging this in any way HERE. Generally, Synology are s#!t hot on updating their advisories, so this is a very good sign and I would believe them on this (as well as the kernel versions backing this up).

What is the Impact of Dirty Pipe on QNAP NAS?



QNAP NAS, QTS and QuTS run a higher revision of the Linux kernel than Synology, which unfortunately means that this vulnerability (although targeted in design and limited in its scope) does apply to some QNAP systems. QNAP runs kernel 5.10.60 on its prosumer, business and enterprise systems and kernel 4.2.8 on its more affordable/ARM systems. Once again, it is worth remembering that this is a vulnerability that was found in Linux, not QTS/QuTS, so not only is this something that is not QNAP’s fault, but also issuing a patch/firmware update for their software and services will not be immediate (as they run a modified Linux platform and any update needs internal implementation and testing before rolling out). QNAP issued details on this remarkably quickly via their Security Advisory pages with an updated line on this, and highlighted which systems in their portfolio were unaffected (running Linux Kernel 4.X onward) as well as the ones that feature the affected Linux revision, for which an update will be available shortly. Here is a breakdown of what they said:


  • Release date: March 14, 2022
  • Security ID: QSA-22-05
  • Severity: High
  • CVE identifier: CVE-2022-0847
  • Affected products: All QNAP x86-based NAS and some QNAP ARM-based NAS running QTS 5.0.x and QuTS hero h5.0.x
  • Not affected products: QNAP NAS running QTS 4.x
  • Status: Investigating


A local privilege escalation vulnerability, also known as “dirty pipe”, has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x. If exploited, this vulnerability allows an unprivileged user to gain administrator privileges and inject malicious code. The following versions of QTS and QuTS hero are affected:

  • QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS
  • QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS

For a full list of the affected models, please check “Kernel Version 5.10.60” in the following link: https://www.qnap.com/go/release-notes/kernel. QNAP is thoroughly investigating the vulnerability. We will release security updates and provide further information as soon as possible. Recommendation – Currently there is no mitigation available for this vulnerability. We recommend users to check back and install security updates as soon as they become available.


So, if you are curious whether your system is running the affected Linux kernel, you can find a list of QNAP NAS systems that feature 5.10.60 below:



QNAP are working on this right now and although a firmware update should be available quickly, I would recommend heading to the bottom of this article for recommendations on securing your storage and network setup either in the long term OR till an official patch is issued.

What is the Impact of Dirty Pipe on Asustor NAS?



In more positive news, not only are Asustor and ADM 4 not affected by the dirty pipe vulnerability, but the brand has also been fantastically loud about this in their security advisory pages. This is one of those rare occasions where a brand has added an entry to their advisory pages for a vulnerability that is NOT impacting their systems. I kind of wish we saw more of this, as even if a brand is NOT affected by a weakness that is being reported on servers, users would rather things were abundantly clear. You can find out more from Asustor’s security advisory pages HERE, but the details are available below:

  • Severity: Not affected
  • Status: Resolved

Details – A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.


Statement – None of ASUSTOR’s products are affected by CVE-2022-0847; this vulnerability issue only affects Linux Kernel 5.8 and above. The Linux Kernel version built in ADM 4.0 is 5.4, and 4.14 in ADM 3.5.


So, they are making things remarkably clear that regardless of the current update/firmware status of your system, you are unaffected.

What is the Impact of Dirty Pipe on Terramaster NAS?



Details on the Linux kernel that is utilized by Terramaster in their NAS systems in the current TOS 4 software (as well as the TOS 5 beta) are still being investigated and I will update the article shortly with my findings. Early checks seem to indicate that TOS 4 is running on an earlier version of Linux and is therefore unaffected. However, I will confirm this and the TOS 5 beta status as soon as possible here in the article.
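To check a kernel release string against the version ranges quoted in this article (introduced in 5.8, closed in 5.16.11, 5.15.25 and 5.10.102), the following shell function can be run over SSH on any Linux host. It is an added example, not code from any NAS vendor; the function name and the sample release strings are constructed for illustration, and it assumes kernels from 5.17 onwards carry the fix. Vendors can backport fixes without changing the version number, so a "vulnerable" result means "check the vendor advisory".

```shell
#!/bin/sh
# Added example: classify a Linux kernel release against the Dirty Pipe
# (CVE-2022-0847) version ranges quoted in the article.

# dirty_pipe_status RELEASE prints one of:
#   not-affected  older than 5.8, the flaw is not present
#   patched       at or above the fixed release of its stable branch
#   vulnerable    5.8 or later and below the fix for its branch
#   unknown       the release string could not be parsed
dirty_pipe_status() {
    rel=${1%%[-+_ ]*}            # drop vendor suffix: 5.10.60-qnap -> 5.10.60
    major=${rel%%.*}
    rest=${rel#*.}
    if [ "$rest" = "$rel" ]; then rest=0; fi      # no minor given
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # no patch level given
    patch=${patch%%.*}

    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done

    # The flaw was introduced in 5.8, so anything older is out of scope.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Assumption: 5.17 and later mainline releases include the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo patched; return 0
    fi
    # Fixed point releases named in the article, per stable branch.
    case $minor in
        10) fixed=102 ;;
        15) fixed=25 ;;
        16) fixed=11 ;;
        *)  echo vulnerable; return 0 ;;   # branch with no fixed release listed
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
    return 0
}

# Kernel versions quoted in the article, then the machine this runs on.
for k in 4.4 4.2.8 5.4 4.14 5.10.60 "$(uname -r)"; do
    printf '%-28s %s\n' "$k" "$(dirty_pipe_status "$k")"
done
```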

What Security Measures Should NAS Owners Take to Avoid Dirty Pipe?


Although the circumstances needed to execute this Linux dirty pipe vulnerability against your NAS are quite restricted (classing this largely as a targeted attack, as a little bit more prior knowledge is needed about the targeted system in order to exploit it and execute code), this should still not leave users complacent. Regardless of whether you are a QNAP, Synology, Asustor or Terramaster user, you should be actioning safe and secure working practices with your data – as well as ensuring that you have sufficient backups in place of your mission-critical and/or irreplaceable data! Here are some recommendations for your NAS setup to reduce the potential for you to be affected by any exploited vulnerability that could well be currently unidentified in your setup:


If you are concerned about being vulnerable to Dirty Pipe and want to ‘shut the doors’ a bit till a firmware update:

  • Disable Port Forwarding
  • Disable uPnP Auto Configuration Tools
  • Disable SSH & Telnet Services
  • Change Your Port Numbers

If you want to take a moment to do some security and access house-keeping:

  • Disable Admin Accounts
  • Enable Auto Updates
  • Add 2-Step Verification
  • Use Strong Passwords
  • Limit App File/Folder Access for applications that do not need it

And finally, most important of all – GET YOUR BACKUPS IN ORDER!


I will repeat this as many times as it takes, but you should NOT be measuring the cost of your backups by the cost of the hardware. You should measure them by the COST to YOU if that data is permanently LOST! Additionally, if all your mission-critical/irreplaceable data is in ONE location (eg on the NAS, sent from your phones and PCs, then deleted from those to make space), then THAT IS NOT A BACKUP! That is the single repository of that data! Get a USB Backup in place, get a Backblaze Subscription HERE affordably or some cloud space in general, get another NAS – whatever it takes! If you need help arranging your NAS backups on your QNAP or Synology NAS, use the video guides below:


Finally, if you want to stay on top of the vulnerabilities that are publicly disclosed on Synology, QNAP, Asustor or Terramaster, I STRONGLY recommend following and/or adding your email to the article below. We automatically crawl the security advisory pages from the top NAS brands and have created a single page that automatically lists and updates the status of known NAS vulnerabilities as soon as they are revealed.



Thanks for reading and let’s keep your data safe together!


 



 


Asustor NAS Uninitialized Repair After Deadbolt Ransomware – Getting Back to ADM, Avoiding the Black Threat Screen & Seeing What Remains of your Data

25 February 2022 at 10:05

Getting Your Asustor NAS System Up and Running Again After Ransomware Attack


It has now been a few days since the initial deadbolt ransomware attack on Asustor NAS systems and although full recovery is still not a complete option for a lot of users (without having to take the agonizing step of paying the group for an encryption key – gah!), there have been steps by users, the Linux community and Asustor to mitigate some of the damage for some and, for those unaffected, allow them to use their systems with a little more confidence and comfort. Below are some instructions that will be of use to users who are currently in the following situations with their Asustor NAS:

  • When the encryption/attack first started (or you first noticed the NAS activity) you powered down your system abruptly and your NAS now shows as ‘Uninitialized’
  • You have the Asustor NAS working, but are being greeted by the black deadbolt threat screen that you want to navigate around WITHOUT using SSH/Command line
  • You are in either of the above two positions AND you have snapshots or a MyArchive routine setup on your NAS

If any of those three setups are how you would describe the position that you/your Asustor NAS is currently in, then you may well find this guide useful. However, DO remember that you are still dealing with your data and although this guide has been provided for the most part by the brand themselves (with additions by myself – Robbie), you should immediately have a backup of your data (even if it’s encrypted, in case of a system failure etc) and/or an external drive ready to move any/all data over to. If you caught the ransomware encryption early, then you might still have a good % of your data still ok. Observing numerous affected machines has shown us that the encryption/changes begin at the system level (i.e. so it can change the index screen and renaming, etc), so in some cases, some people have reported that they caught it in time for some data to have been RENAMED (i.e. the .deadbolt suffix that is affecting access or older structure in some cases) but not actually encrypted. So, this guide is about getting you into a position to access your Asustor NAS GUI and whatever the state of your data is. After that, you may still have no option but to format your system, wait for any kind of brand/community recovery method or (and I do not say this lightly, as the thought of continuing this kind of behaviour is disgusting) pay the ransom to get your data back. I appreciate that this is S&!T but some business users might have little choice. Let’s discuss access recovery options. If you are unaware of everything that has occurred to Asustor and the deadbolt ransomware, you can use the attached video below:


Asustor NAS – How to Get Your NAS Running Again If It Is Saying Uninitialized


If you powered down your NAS abruptly when you saw the black threat screen OR unusual activity on your NAS (either by pulling the power cord or holding the power button for 5-10 seconds), then chances are that, as the encryption hits the system files first and was in progress, your NAS is now showing as ‘uninitialized’. This is because the system software is now corrupted. Yesterday Asustor released a new firmware update that closed the vulnerability (they claim, I have not verified personally yet). So, the following steps in the guide, using the client desktop software Control Center and an internet connection (can be just on your PC/Mac and you directly connect with your Asustor if you choose), will allow you to access your NAS login GUI.



If you have shut down before, please connect to a network. If you enter the initialization page, please follow the instructions below to update your NAS:


Step 1

  • If you enter the initialization page and have an Internet connection, please press Next.

  • Please click Live update and then click Next.


Step 2

  • If you’re on the initialization screen and not connected to the Internet, please download ADM from ASUSTOR Downloads to your computer.
  • Once done, manually update ADM by uploading the ADM image file from your computer as shown below.
  • Please press Next.


Step 3

  • Update.
  • After the update has completed, you’ll be able to return to ADM.

Asustor NAS – If You Are Still Seeing the Black Threat Deadbolt Ransomware Screen


If you have access to your NAS drive BUT are faced with the black threat login screen that replaced the previous one AND have followed the previous steps to install the latest firmware, the next three steps should allow you to navigate AROUND this and remove it entirely.


If the ransomware page remains after you connect to a network:

  • Please turn off your NAS, remove all hard drives and reboot.
  • When the initialization page appears, reinsert the hard drives.
  • Please follow the instructions above to update your NAS.

Asustor NAS – How to Restore Data with Snapshots, MyArchive Backups or Mirrored Volumes


Now, the next step is not going to be an option for everyone. Once you have logged in and assessed the extent of the file damage by encryption (e.g. % of files affected, are they encrypted completely OR just renamed? etc), the following steps will be of use to those of you who are running a BTRFS setup and set up snapshots and/or the MyArchive backup/sync storage service. This part of the guide also includes the means to install a ransomware tool that (I know, ANNOYINGLY) gains you access BACK to the black encryption entry screen. So if you have no choice (I am not judging you, the importance of your data is your call) and are going to choose to pay the ransom as it is going to cost you less than not retrieving your data, then you can use this ‘ransomware status’ tool to gain access back to the payment screen and encryption key window, which ultimately allows you to pay the hackers. Again, it’s your call.


If you want to restore data and you have more than one volume installed on your NAS, use MyArchive drives, or have previously made Btrfs snapshots, please refer to the following instructions below. Restore all backups that you may have. Alternatively, if you have Btrfs snapshots, use Snapshot Center to restore previous versions of files and erase changes done by ransomware.



If regular backups were not kept and you want to enter the decryption key to retrieve lost data:


  • Confirm details and press Install.

  • Wait for installation to complete.

  • Reload the webpage to enter the ransomware screen again. You’ll be able to enter the decryption key.

  • If you want to return to ADM, you can do this in one of three ways. You can add backup.cgi after /portal/ in the address bar of your browser, you can hold the power button for three seconds to shut your NAS down and turn it on again, or you may use ASUSTOR Control Center or AiMaster to restart your NAS.


 


  • Afterwards, it is imperative to uninstall Ransomware Status from App Central.


 


Asustor NAS Drives getting hit by Deadbolt Ransomware

21 February 2022 at 18:30

If you own an Asustor NAS and are reading this – CHECK IT NOW


Original Article – As of around 1 hour ago, multiple users online are reporting that their Asustor NAS systems have been attacked by ransomware known as Deadbolt. Much like the ransomware attack of QNAP NAS systems of the same name, this is a remote-command-push encryption attack that takes advantage of a vulnerability in the system software to command the system to encrypt the data on the NAS system, but with the added twist in this recent update of adding a new login GUI style splash screen asking for 0.03BTC.


Updated 24/02 09:45 GMT


Asustor has just released a firmware update for their ADM 4 systems (HERE) for users who have not been hit by the Deadbolt ransomware attack, who are keeping their systems offline and/or powered down until the security issue/vulnerability was identified and neutralized. Here are the Asustor details on this:


An emergency update to ADM is provided in response to Deadbolt ransomware affecting ASUSTOR devices. ASUSTOR urges all users to install the latest version of ADM as soon as possible to protect themselves and minimize the risk of a Deadbolt infection. ASUSTOR also recommends taking measures to guard against the potential harms of Deadbolt in accordance with the previously announced protective measures. Please review the measures below to help increase the security of your data on your ASUSTOR NAS.

  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Change web server ports. Default ports are 80 and 443.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.

In response to increasing numbers of ransomware attacks, ASUSTOR has committed to an internal review of company policies to regain customer trust. This includes, but is not limited to increased monitoring of potential security risks and strengthening software and network defenses. ASUSTOR takes security very seriously and apologizes for any inconvenience caused.


Updated 23/02 21:03 GMT


Much like the deadbolt attack on QNAP devices earlier in 2022, in the changed index GUI on affected NAS’, the deadbolt team are offering to provide information to ASUSTOR about the zero-day vulnerability used to breach NAS devices and the master decryption key for all affected users to get their data back. The DeadBolt screen includes a link titled “important message for ASUSTOR,” which displays a message from DeadBolt for the attention of ASUSTOR. DeadBolt orchestrators are offering to provide details of the vulnerability if ASUSTOR pays them 7.5 BTC, worth $290,000. DeadBolt is also offering ASUSTOR the master decryption key for all victims and the zero-day breakdown explained for 50 BTC, worth $1.9 million. The ransomware operation states that there is no way to contact them other than making the bitcoin payment. However, once payment is made, they say they will send the information to the [email protected] email address.



Updated 06:50 GMT



Asustor has issued the following statement and recommendation for those who are (or believe they have been) affected by the Deadbolt ransomware:


In response to Deadbolt ransomware attacks affecting ASUSTOR devices, ASUSTOR EZ-Connect, ASUSTOR EZ Sync, and ezconnect.to will be disabled as the issue is investigated. For your protection, we recommend the following measures:


Change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443.
Disable EZ Connect.
Make an immediate backup.
Turn off Terminal/SSH and SFTP services.


For more detailed security measures, please refer to the following link below:
https://www.asustor.com/en-gb/online/College_topic?topic=353


If you find that your NAS has been affected by Deadbolt ransomware, please follow the steps listed below.
1. Unplug the Ethernet network cable
2. Safely shut down your NAS by pressing and holding the power button for three seconds.
3. Do not initialize your NAS as this will erase your data.
4. Fill out the form listed below. Our technicians will contact you as soon as possible.


https://docs.google.com/forms/d/e/1FAIpQLScOwZCEitHGhiAeqNAbCPysxZS43bHOqGUK-bGX_mTfW_lG3A/viewform


Regarding filling out the technical support form, this is likely to help the brand identify the scale of the issue, but also allow a faster sharing (to those affected) of any recovery tools that might be possible. However, the culprit is looking increasingly like the EZ Connect Asustor Remote service. This has been further backed up by the fact that the official Asustor ADM demo page has also been hit by the Deadbolt ransomware (now taken offline). Additionally, many users who powered down their device during the deadbolt attack have, upon rebooting their NAS system, been greeted with the message in the Asustor Control Center application that their system needs to be ‘re-initialized’. The most likely reason for this is that during the encryption processes, the core system files are the first files that get targeted and if the system was powered down/powered off immediately during this process, it may have corrupted system files. We are currently investigating if a recovery via mounting a drive in a Linux machine is possible (in conjunction with roll-back software such as PhotoRec).



If your Asustor NAS is in the process of being hit (even if you simply suspect it) as your HDDs are buzzing away unusually (and the HDD LEDs are flickering at an unusual hour), then it is recommended that you head into the process manager and see if the encryption process has been actioned by Deadbolt. The following course of action was suggested by NAScompares commenter ‘Clinton Hall’:


My solution so far, login via ssh as root user


cd /volume0/usr/builtin
ls


you will see a 5 digit binary executable file. For me it was 22491. I use that in the following command to get the process ID


ps | grep 22491


from this I got the Process id 25624. I kill that process


kill 25624


I then remove the binary file


chattr -i 22491
rm -f 22491


Now, restore the index as above


cd /usr/webman/portal
chattr -i index.cgi
rm index.cgi
cp index.cgi.bak index.cgi


Now for the fun part…. a LOT of files had been renamed (not encrypted) to have .deadbolt appended to the end of the filename… So rename them back


(note, you may want to do this folder by folder and check it is working). The following will do for the entire /volume1


cd /volume1
find . -type f -name "*.deadbolt" -exec bash -c 'for f; do base=${f##*/}; mv -- "$f" "${f%/*}/${base//.deadbolt/}"; done' _ {} +


After these are all renamed, everything should work. Probably a good idea to reboot to restart the services etc.


Also, I’m not sure if the above will definitely traverse the [email protected] etc… so I did this manually


cd /volume1/[email protected]
find . -type f -name "*.deadbolt" -exec bash -c 'for f; do base=${f##*/}; mv -- "$f" "${f%/*}/${base//.deadbolt/}"; done' _ {} +
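Before a bulk rename like the one in the comment above, it helps to know which .deadbolt files were only renamed and which had their contents changed. The following read-only triage is an added example, not part of the comment or of any Asustor tool; the function names, the state labels and the small file-signature table are assumptions made for illustration, and the header check is a heuristic that only covers formats with a fixed signature.

```shell
#!/bin/sh
# Added example: report the state of every *.deadbolt file without changing
# anything, by comparing the file's first bytes with the signature expected
# for the extension it had before ".deadbolt" was appended.

# magic_for_ext EXT -> expected leading bytes in hex, empty if not in the table.
magic_for_ext() {
    case $1 in
        jpg|jpeg)            echo ffd8ff ;;
        png)                 echo 89504e47 ;;
        pdf)                 echo 25504446 ;;
        zip|docx|xlsx|pptx)  echo 504b0304 ;;
        gz|tgz)              echo 1f8b ;;
        *)                   echo "" ;;
    esac
}

# classify_deadbolt_file PATH -> renamed-only | content-changed | unknown-type
classify_deadbolt_file() {
    orig=${1%.deadbolt}              # name the file had before the attack
    base=${orig##*/}
    case $base in
        *.*) ext=$(printf '%s' "${base##*.}" | tr 'A-Z' 'a-z') ;;
        *)   ext= ;;
    esac
    want=$(magic_for_ext "$ext")
    if [ -z "$want" ]; then
        echo unknown-type            # e.g. .txt: no signature to compare with
        return 0
    fi
    have=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case $have in
        "$want"*) echo renamed-only ;;      # original header is intact
        *)        echo content-changed ;;   # header no longer matches the format
    esac
}

# deadbolt_triage DIR -> one "state<TAB>path" line per *.deadbolt file.
# File names containing newlines are not handled.
deadbolt_triage() {
    find "$1" -type f -name '*.deadbolt' | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_deadbolt_file "$f")" "$f"
    done
}

# Usage: sh triage.sh /volume1   (the script name is a placeholder)
if [ -n "${1:-}" ]; then
    deadbolt_triage "$1"
fi
```

Only files reported as renamed-only are safe candidates for renaming back; keep the rest untouched for any later decryption or recovery attempt.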


If you have not been hit, I would recommend you action the following from within your Asustor NAS or (better yet, where possible) power the device down until an official statement and a possible firmware patch is issued.

  • Disable EZ Connect
  • Turn off automatic updates
  • Disable SSH (if you do not need it for other services)
  • Block all NAS ports of the router, and only allow connections from inside the network

Updated 19:30 GMT


More details are coming up and it looks like (at least looking at the messages on the official Asustor Forum and Reddit) the attack stems from a vulnerability in EZConnect that has been exploited (still TBC). User billsargent on the official Asustor forums has posted some useful insights into how to get around the login screen and also details on the processes:


Take your NAS OFF of ezconnect. Block its traffic incoming from outside.
This overwrites the index.cgi with their own. In /usr/webman/portal there is a backup copy of your index there.
To remove theirs, you need to chattr -i index.cgi and replace it with the backup.
But you’ll also have to kill the process. Mine had a process that was just numbers running. I killed it, then deleted it. In /tmp there was another binary that was just numbers.
This is probably not possible to fix without a reset but you can get back into your portal with the above info. Right now though mine is still immediately replacing the index.cgi. 


And:


I am assuming you have ssh capabilities? If so you just need to ssh in and login as root and run these commands. This should help you get back into the portal.


cd /usr/webman/portal
chattr -i index.cgi
rm index.cgi
cp index.cgi.bak index.cgi


If you look at the index.cgi they created before you delete it, it’s a text script.
I am still in the investigative stages but nothing in my shares have been locked up with this yet. Just things in /root so far.
I’ve pulled out a ton of LTO tapes to backup my data. I think this is going to require a full reset. I hope asustor releases a fix for this but I will never again allow my NAS to have outside access again.


For clarification, this is what my /usr/webman/portal directories looked like. The .bak file is the original index.cgi.
I apologize if my posts seem jumbled up a bit. I’m trying to help and also figure this out as well. So I’m relaying things as I find them in hopes that others will be able to at least get back to their work.


Thank you to Asustor user billsargent for the above and full credit to him on this of course.
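
The indicators billsargent describes (a replaced index.cgi with the immutable attribute set, a backup copy beside it, and a process and a /tmp binary named only with numbers) can be checked read-only before anything is killed or restored. The script below is an added example, not part of the forum post or any Asustor tooling; matching "just numbers" as a digits-only name and reading process names from /proc/<pid>/comm are assumptions.

```shell
#!/bin/sh
# Read-only triage for the indicators in the forum post above (added example).
# Assumption: "just numbers" is matched as a name made only of digits.

is_numeric_name() {            # true when $1 is non-empty and all digits
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

find_numeric_files() {         # regular files directly in $1 with digit-only names
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if is_numeric_name "${f##*/}"; then echo "$f"; fi
    done
    return 0
}

find_numeric_procs() {         # "PID NAME" per digit-only command name; $1 = proc root
    root="${1:-/proc}"
    for d in "$root"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        name=$(cat "$d/comm" 2>/dev/null) || continue
        if is_numeric_name "$name"; then echo "${d##*/} $name"; fi
    done
    return 0
}

check_portal() {               # state of index.cgi in portal directory $1
    dir="$1"
    [ -f "$dir/index.cgi" ] || { echo "index.cgi: missing"; return 0; }
    if [ -f "$dir/index.cgi.bak" ]; then
        echo "index.cgi.bak: present"
        cmp -s "$dir/index.cgi" "$dir/index.cgi.bak" || echo "index.cgi: differs from backup"
    fi
    if command -v lsattr >/dev/null 2>&1; then   # 'i' in the flags column = immutable
        flags=$(lsattr -d "$dir/index.cgi" 2>/dev/null | cut -d' ' -f1)
        case "$flags" in *i*) echo "index.cgi: immutable flag set" ;; esac
    fi
    return 0
}

# Run against the paths named in the post only when asked: sh triage.sh scan
if [ "${1:-}" = "scan" ]; then
    check_portal /usr/webman/portal
    find_numeric_files /tmp
    find_numeric_procs /proc
fi
```

Save the output somewhere off the NAS before acting on it, so there is a record of what the system looked like at the time.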


(Continuing with the Original Article from 21/02 17:30 GMT)


Although it is still very early in this encryption attack, reports are slowly starting to emerge on forums right now, as well as on Twitter. See below:

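Oh no!! My home ASUSTOR NAS has been attacked by ransomware called DEADBOLT! I had seen that it was recently getting into QNAP NAS devices, but I never expected my own NAS to get hit too…
The one silver lining is that I didn't have any really important data on it, but losing about 700GB of data is a shock. Anyone using an ASUSTOR NAS should disconnect it from the internet right away pic.twitter.com/gBFu8yx4hG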


— sudara (@sudara_hodara) February 21, 2022



Additionally, this splash message contains a call-out to Asustor themselves (much like the QNAP NAS Deadbolt attack), with a message and a link for the brand to open a discussion (i.e. pay) towards a master key and details of the vulnerability that was exploited:


“All your affected customers have been targeted using a zero-day vulnerability in your product. We offer you two options to mitigate this (and future) damage:”


Details are still emerging, so I will keep this article short and sweet for now (and add more later as details emerge). If you own an Asustor NAS drive, check it immediately! Do this regardless of whether you have enabled remote access via EZConnect or not (EZConnect is not necessarily the key to the attack vector; remote DLNA port changes made by your system are another possibility, for example), and ideally disconnect it from the internet. Currently, there is not enough information to ascertain whether this relates to a case of 'out of date firmware' having an existing vulnerability or something inherent in the current firmware. Regardless, check your system and, where possible, disconnect it from the internet until further details are confirmed here, on reputable sites such as Bleeping Computer, or via direction from Asustor themselves.



Once you log into your NAS, check your logs and check your processes. If you have the means to back up to a NEW location, do so. DO NOT overwrite your existing backups with this backup unless you are 100% certain you have not been hit by Deadbolt ransomware.

What to Do if you have been hit by the Deadbolt Ransomware


If you have been hit by the vulnerability, you will likely be unable to connect remotely with your NAS files/folders. Even if you can, you need to check whether you can open them or whether they have been encrypted to a new format (the extension/.type of file will have changed). The following users commented on Reddit, and there are similar threads where we can see their setup and how they got hit.


IF you still have access to your files, get your backups in order!!!!!


Otherwise, if you have been hit by this, then you need to disconnect your system from the internet. Killing any processes in the task manager is an option; HOWEVER, do bear in mind that doing so might corrupt files that are currently being encrypted and therefore stop any kind of recovery. I am checking with a couple of affected users (as well as reaching out to Asustor as we speak) to see if a suitable course of action can be recommended. Some users who have restarted their system, or immediately pulled the power and rebooted, have found that their system now states that it needs to be reinitialized.


One big factor to keep in mind right now is that it is still unclear a) if the Deadbolt ransomware can be killed as a system process in the Asustor control center (I do not have an affected Asustor NAS in my possession right now) and b) if switching your system off DURING the Deadbolt attack can lead to the data being unsalvageable because the encryption is partway through. So, disconnect from the internet (physically and via EZConnect for now), and if you can see your CPU usage spiking and/or your HDD LEDs going nuts, you are likely being hit.

My Asustor NAS is Saying it is Uninitialized


DO NOT RE-INITIALIZE YOUR NAS. At least not yet. If you have already powered down your NAS as a reaction to the attack (understandable, if not the best choice without knowing the full attack vectors or how this affects the encryption) and you are being greeted by the option to reinitialize in the Asustor Control Center application, then power the device down again. But again, I only recommend this action right now for those that already reacted to the attack by shutting down or restarting their system post-attack.

If I am not hit by Deadbolt, Should I disconnect my Asustor NAS from the internet?


For now, YES. The attack vectors are not clear, and there are reports from some users right now stating that they had the latest firmware and were still hit. There is too much unconfirmed info here to allow remote access (in my opinion), and until further info is made available, I strongly recommend disconnecting your Asustor NAS from the internet (wire AND via the software settings) and getting your backups in order.


I will update this article soon as more information becomes available.
