Mar 25



On February 22, 2019, D-Link was made aware of the Cr1ptT0r Ransomware targeting some D-Link Network Attached Storage (NAS).


Public post


Bleeping Computer : HERE


Description of Ransomware Security Issue:

In a Ransomware attack,the Ransomware encrypt stored information and then demands payment to decrypt the information. At this time, based on the current information available to us, the antivirus companies have not yet created a new tool  to decrypt information attacked by the Cr1ptT0r Ransomware (or Ransomware family). To recover the encrypted information, users will need to retrieve the data from their previous backup.

The models in the table below are potentially at risk. For owners of these products, we urge you to take the following actions promptly:


Model H/W Version Latest F/W Version Actions to take
DNS-320 Ax 2.05 Disable the Internet connection to NAS
DNS-320 Bx 1.02 Disable the Internet connection to NAS
DNS-325 Ax 1.05 Disable the Internet connection to NAS
DNS-320L Ax 1.11 Update to latest firmware version
DNS-327L Ax 1.10 Update to latest firmware version

Ransomware is a virus that attacks a device. Once the device is infected by the virus, firmware updates will not restore your data.  Firmware updates are often directed  to address security vulnerabilities from internet attacks in D-Link devices. Given new tools were created by anti-virus companies to address the prior instances of ransomware attacks, there may be decrypting tools developed in the future. Until that time, Tto better protect your devices from Internet viruses, malware and ransomware:

1. Do not connect these devices directly to the Internet and/or port-forward services directly from the Internet.

  1. Keep device firmware up-to-date.

  1. Any computer accessing information on these devices should have appropriate anti-virus protection and malware protection enabled

  1. Regular back-ups of stored information on these devices should occur in case a disaster recovery is needed.

For DNS-320 Ax/Bx users, a security patch firmware version will be available soon.  Until it is available, please disable the port forwarding service and DMZ setting on your router to prevent direct access by the ransomware.

D-Link DNS-325 has passed its end of service date as displayed on its product support page. Once a product is end of service, it is no longer supported by D-Link through customer support and it does not receive software/firmware updates. For these models, please remove the Internet access of NAS on your router by disabling the port forwarding and DMZ setting.

Please check back here or on the specific product page for the most updated information.

Tags: , ,