ShareCenter Ransomware VulnerabilityOVERVIEW- Affected Devices: DNS-320, DNS-320L, DNS-323, DNS-325, DNS-327L, DNS-340L, DNS-343, DNS-345
- Threat Overview: https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10110
- Description: If the NAS is successfullu attacked it will encrypt file and demand the user pay a fee to have the decrypted. Please upgrade to the latest firmware for your model. The only known way for these type of ransomware can be mitigated is to reformat you entire NAS which will result in the loss of all stored information.
STATUSD-Link is currently investigating this issue.
BEST SOLUTIONThe following are recommendations that will minimize the potential impact by this security threat until a fix is made available
- Upgrade to the latest firmware available for your ShareCenter. (AND ONE OF THE FOLLOWING THREE OPTIONS)
- Only use your ShareCenter while Internet access is disabled.
- Shutdown your ShareCenter until a fix is availble.
- Place your ShareCenter behind a hardware firewall
ALTERNATIVE SOLUTION (WILL MINIMIZE EXPOSURE BUT NOT 100% GUARANTEE OF SAFTEY)The following approach will prevent
direct attacks from the Internet, but will
not protect your ShareCenter from an infected PC within your LAN:
If you own a D-Link router, use the ACCESS CONTROL feature to block direct attacks from the Internet. The ACCESS CONTROL feature allows you to blacklist the ShareCenter IP address, so it will be invisible/blocked from attacks from the Internet.
- Upgrade to the latest firmware available for your ShareCenter
- Assign a STATIC IP ADDRESS to your ShareCenter in your ROUTER (preferable) or from within the ShareCenter firmware
- D-Link Router: ADVANCED > ACCESS CONTROL
- STEP 1: CHOOSE POLICY NAME:
- Select Enable Access Control
- Press Add Policy
- Click Next
- STEP 2: SELECT SCHEDULE:
- Select Always (this will ensure the policy is always active)
- STEP 3: SELECT MACHINE:
- Address Type: IP
- IP Address: Enter ShareCenter Static IP Address
- Press Add
- STEP 4: SELECT FILTERING METHOD:
- STEP 5:: Save settings and reboot router:
- TEST: Test solution by pinging router from a device on the Internet that's not located in your LAN. If you can succesffuly PING the ShareCenter, then the solution is not working.