Hi all.
I'm not sure if this is a new development or not; the only D-Link announcement I've seen (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10110) only refers to the DNS-32* range of devices.
I've just had my DNS-345 (which was + is running firmware DNS345.1.05b04(1.04.1107.2016) - which appears to be the latest) hit by the Cr1ptT0r Ransomware exploit. Judging by timestamps, it started on Wednesday morning; I discovered it on Friday evening - it was only part way through.
Fortunately, I have an offsite backup so my data is fine, minus some content from the past couple of months - some of which I've been able to pull unencrypted from my 345.
Schoolboy error - the NAS was connected to the internet, port 443 forwarded etc. My post is therefore more of a warning to others: the DNS-345 is vulnerable to this exploit despite not being mentioned in that briefing, unless there's another I haven't found. Are D-Link even aware that the exploit has evolved to the 345s (and others, maybe)?
The Cr1ptT0r version was v1.1.1 (found under the NAS_prog directory). Files are replaced, the names and file extension remain. I tried a couple of the decryptors out of interest, no luck there. The ransomware appears to zero over the original file, so the 'accidental deletion' type recovery tools won't be able to get them.
While I'm here. I've flashed the firmware again, done a factory reset, re-formatted / rebuilt my disk array and, of course, removed the port forward. Is there anything else I need to do to remove any trace of this and prevent files from being re-encrypted once I restore them on?
I've got to say, this has left a real bitter taste in my mouth with D-Link. I know the DNS-345 is out of support, but something as destructive as ransomware - I'd have hoped they might have done something as a gesture of goodwill.
I'll finish by reminding everyone to maintain proper backups. Had I not, I'd have lost thousands of photos, documents, home movies. In fact, if anything, I think this experience has convinced me to get another backup to grandfather my data.
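
Since the post reports that encrypted files keep their names and extensions, a partly encrypted share can be sorted by comparing each file's leading bytes with the signature its extension implies. The script below is an added example, not part of the original post and not Cr1ptT0r-specific: the `MAGIC` table, the labels and the 7.5 bits/byte cut-off are assumptions, and it assumes encrypted or zeroed content no longer starts with the format's signature.

```python
import math
import os
from collections import Counter

# (offset, signature) pairs: standard leading magic bytes for common formats.
MAGIC = {
    ".jpg": [(0, b"\xff\xd8\xff")], ".jpeg": [(0, b"\xff\xd8\xff")],
    ".png": [(0, b"\x89PNG\r\n\x1a\n")],
    ".gif": [(0, b"GIF87a"), (0, b"GIF89a")],
    ".pdf": [(0, b"%PDF-")],
    ".zip": [(0, b"PK\x03\x04")], ".docx": [(0, b"PK\x03\x04")],
    ".xlsx": [(0, b"PK\x03\x04")],
    ".mp4": [(4, b"ftyp")],
}
ENTROPY_LIMIT = 7.5  # bits/byte; assumed cut-off, ciphertext sits near 8.0


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: str, sample: int = 65536) -> str:
    """Label one file from its first `sample` bytes."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs:
        ok = any(head[off:off + len(sig)] == sig for off, sig in sigs)
        return "header-ok" if ok else "header-mismatch"
    # No known signature (e.g. .txt): fall back to the entropy heuristic.
    return "high-entropy" if entropy(head) > ENTROPY_LIMIT else "low-entropy"


def triage(root: str) -> dict:
    """Walk `root` read-only and return {relative path: label}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            report[os.path.relpath(full, root)] = classify(full)
    return report


if __name__ == "__main__":
    import sys
    for rel, label in sorted(triage(sys.argv[1]).items()):
        print(f"{label:16} {rel}")
```

A `header-ok` result only vouches for the first bytes of a file, so open a sample of those files before trusting them, and run the script against a read-only mount or a copy of the disk.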