General NAS-Central Forums

Welcome to the NAS community
It is currently Tue Mar 20, 2018 5:43 am

All times are UTC

Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Jan 09, 2018 9:44 am 

Joined: Tue Jan 09, 2018 9:08 am
Posts: 1

Would anyone be able to advise me what I need to do to clean up following a StorageCrypt attack/infection?

Stupidly I had not updated my NSA 325 with the latest firmware and equally as stupidly port 445 was open via upnp on my firewall - that is how I assume I ended up getting infected with StorageCrypt on my NSA 325. So we have a benchmark - I'm stupid! (Not so stupid that I don't have backups though ;) )

I have closed the holes in my firewall and updated my NAS firmware. I put some clean files on the NAS and checked a couple of days later - they are still clean.

But how do I know I'm really clean? Or does switching out the firmware mean that I get a clean build anyway?

Any advice would be greatly appreciated.


PostPosted: Tue Jan 09, 2018 1:07 pm 

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6179
Have a look at the running processes. Run 'ps' in the command prompt, to see if anything suspicious is running.

But unless your StorageCrypt was specifically targetting ZyXEL NASses, I think simply rebooting is enough to get the infection gone. The firmware is either on a ramdrive, or on a read-only drive, so it's hard to install anything which will survive a reboot.
Of course it can be done, else you wouldn't be able to install any packages, but it won't happen by accident.

Reading this description on a StorageCrypt attack, it seems it only 'installs' itself in the /tmp/ directory, which is volatile on most Linux systems.
On the other hand, that infection uses nohup to start the binary, which is not available on a NSA3xx, so if your infection is exactly the same, it wouldn't have started.

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC

Who is online

Users browsing this forum: No registered users and 81 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group