NAS Ransomware

Last Updated: 11/11/2019

PR Statement:

Overview

On February 22, 2019, D-Link was made aware that the Cr1ptT0r Ransomware was affecting some D-Link Network Attached Storage (NAS): DNS-320 Ax/Bx, DNS-325, DNS-320L, and DNS-327L.D-Link has recently become aware that the following additional models are also vulnerable to the Cr1ptT0r Ransomware: DNS-323 Ax/Bx/Cx, DNS-345, DNS-343, and DNS-340L.

Description of Ransomware Security Issue:

In a Ransomware attack, the Ransomware encrypts stored information and then demands payment to decrypt the information. Based on the information currently available to us, the antivirus companies have not yet created a new tool to decrypt information attacked by the Cr1ptT0r Ransomware (or Ransomware family). To recover the encrypted information, users will need to retrieve the data from their previous backup.

The models in the table below may be affected by the Cr1ptT0r Ransomware. For owners of these products, we urge you to take the following actions promptly:

Model H/W Version Latest F/W Version Actions to take
DNS-320 Ax 2.06 Disable the Internet connection to NAS
DNS-320 Bx 1.03 Disable the Internet connection to NAS
DNS-323 Ax 1.03 Disable the Internet connection to NAS
DNS-323 Bx 1.07 Disable the Internet connection to NAS
DNS-325 Ax 1.05 Disable the Internet connection to NAS
DNS-345 Ax 1.05 Disable the Internet connection to NAS
DNS-323 Cx 1.10 Update to latest firmware version
DNS-343 Ax 1.05 Update to latest firmware version
DNS-320L Ax 1.11 Update to latest firmware version
DNS-327L Ax 1.10 Update to latest firmware version
DNS-340L Ax 1.08 Update to latest firmware version

Ransomware is a virus that attacks a device. Firmware updates are often directed to addressing security vulnerabilities in the devices that may be exploited by Internet attacks such as a ransomware attack. However, once the device is infected by the virus, firmware updates will not restore your data. Antivirus companies have created new tools to address past ransomware attacks and may develop decrypting tools to address the Cr1ptT0r Ransomware in the future. Until that time, to better protect your devices from Internet viruses, malware and ransomware:

1.      Do not connect these devices directly to the Internet and/or port-forward services directly from the Internet

2.      Keep device firmware up-to-date.

3.      Any computer accessing information on these devices should have appropriate antivirus protection and malware protection enabled.

4.      Regular back-ups of stored information on these devices should occur in case a disaster recovery is needed.

DNS-320 Ax/Bx, DNS-323 Ax/Bx, DNS-325 Ax, and DNS-345 Ax have passed their end of service date as displayed on its product support page. For these models, please remove the Internet access of NAS on your router by disabling the port forwarding and DMZ setting.

Once a product is end of service, it is no longer supported by D-Link through customer support and it does not receive software/firmware updates.

D-Link End of Life policy can be found here: https://www.dlink.com/en/eol-policy

Please also check the regional website for the most updated EOL product information.