D‑Link NAS Ransomware Vulnerability

28 Φεβρουαρίου, 2019

On February 22, 2019, D-Link was made aware of the Cr1ptT0r Ransomware targeting some D-Link Network Attached Storage (NAS). The public post from Bleeping Computer can be found:  here.

Description of Ransomware Security Issue:

In a Ransomware attack, the Ransomware encrypts stored information and then demands payment to decrypt the information. At this time, based on the current information available to us, the antivirus companies have not yet created a new tool to decrypt information attacked by the Cr1ptT0r Ransomware (or Ransomware family). To recover the encrypted information, users will need to retrieve the data from their previous backup.

The models in the table below are potentially at risk. For owners of these products, we urge you to take the following actions promptly: 


H/W Version

Latest F/W Version

Actions to take




Update to latest firmware version




Update to latest firmware version




Disable the Internet connection to NAS




Update to latest firmware version

DNS-327L Ax  1.10 Update to latest firmware version

Ransomware is a virus that attacks a device. Once the device is infected by the virus, firmware updates will not restore your data. Firmware updates are often directed to address security vulnerabilities from internet attacks in D-Link devices. Given that new tools were created by anti-virus companies to address prior instances of ransomware attacks, there may be decrypting tools developed in the future. Until that time, to better protect your devices from Internet viruses, malware and ransomware:

  1. Do not connect these devices directly to the internet and/or port-forward services directly from the internet.
  2. Keep device firmware up-to-date.
  3. Any computer accessing information on these devices should have appropriate anti-virus protection and malware protection enabled.
  4. Regular back-ups of stored information on these devices should occur in case a disaster recovery is needed.

For DNS-320 Ax/Bx users, a security patch firmware version will be available soon. Until it is available, please disable the port forwarding service and DMZ setting on your router to prevent direct access by the ransomware.

D-Link DNS-325 has passed its end of service date as displayed on its product support page. Once a product is end of service, it is no longer supported by D-Link through customer support and it does not receive software/firmware updates. For these models, please remove the Internet access of NAS on your router by disabling the port forwarding and DMZ setting.

Please check back here or on the specific product page for the most updated information.