
Forum Discussion

apopcontest
Aspirant
Jan 14, 2024

ReadyNas RN2100 hacked

So it appears that my credentials were exposed after a recent data breach from Netgear (thanks guys) and I received an email a few months back saying all my data had been stolen and that if I wanted to get it back I had to pay crypto. Luckily for me, I only saved irrelevant files such as movies and TV shows, so I am not really interested in getting it back.

 

However, what I want to know is, how can I secure my device to ensure the cloud account is no longer linked to my device and what is the best way to use this device moving forward? I never got any email correspondence regarding the end of life of ReadyNAS, which is disappointing, but I am not finger pointing or angry, just wanting to resolve this so I can resume my movie server.

 

Any help is appreciated! Thank you

9 Replies


  • apopcontest wrote:

    So it appears that my credentials were exposed after a recent data breach from Netgear (thanks guys)


    I'm puzzled here.  Can you confirm that the NAS is an RN2100 running 4.1.x firmware?  Did you get an email from Netgear telling you there was a breach?  Or are you just speculating?

     

    The Netgear cloud services that can reach your NAS over the internet (photos and readyremote) were taken down long ago.  There is no Netgear cloud account or server that is linked to your NAS. 

     

    How were the hackers able to reach your NAS? Were you forwarding ports to it? 

     

     

     

     

    • apopcontest
      Aspirant

      Hello,

       

      Currently away from where my NAS is located for a few days, I can confirm that my NAS is RN2100 running 4.1.x firmware and I do recall reading an email from Netgear informing me of a data breach, however I have had a few to be honest and I never really paid attention to them too much.

       

      I was under the impression that ReadyNAS Cloud was only closed late last year (which I was unaware of) and I have ReadyCloud Client installed on my computer which I cannot access which I understand. 

       

      I am not sure how the hackers were able to access my NAS. I can access it using what I created at the time for my username and password, which was email and an old password which I never changed. I believe this password is probably available somewhere online for people to make attempts to login using my credentials. Would this be how they were able to access my NAS? 

       

      Any recommendations on how to move forward? Do a hard reset? My concern would be that if I placed data on my NAS, a hacker would be able to access my NAS using my old credentials.

      • StephenB
        Guru

        apopcontest wrote:

         

        I was under the impression that ReadyNAS Cloud was only closed late last year (which I was unaware of) and I have ReadyCloud Client installed on my computer which I cannot access which I understand. 

         


        Netgear branding has often re-used old names, which unfortunately creates a lot of confusion. The ReadyCloud you had installed was shut down in September 2016, so your NAS hasn't been connected to it for 7 years.

         

        The service that was shut down in July was only for ReadyNAS running 6.x firmware.  So not compatible with your NAS.

         


        apopcontest wrote:

         

        I am not sure how the hackers were able to access my NAS, I can access it using what I created at the time for my username and password which was email and an old password which I never changed


        Let's start from the beginning.  FWIW, I don't think your NAS ever supported email format usernames, so that part of your email is a bit confusing.

         

        What apps did you have installed on your NAS?  Bittorrent perhaps?

         

        Did you ever forward any ports in your router to the NAS?

         

        You received an email from someone claiming to have encrypted your files.  Did they specifically say they had hacked your ReadyNAS?  Or just that they had encrypted files?  Did you click on any links or open any attachments in that email?  It's possible that the email was fake.

         

        You are away from home, and cannot access your NAS.  Have you tried accessing it while you were home?  When did you lose access?  

         

        If you have access, are you able to see your shares?  If so, what files are you seeing in the shares?  

         

        When you try to access Frontview now (when home) are you getting an SSL version or Cipher Mismatch error?  Or are you getting something else?

         

         


        apopcontest wrote:

        I believe this password is probably available somewhere online for people to make attempts to login using my credentials. Would this be how they were able to access my NAS? 

         


        Not unless you had forwarded ports to the NAS to enable remote connections.  Or alternatively if they compromised a PC you use to connect to the internet.

         


        apopcontest wrote:

         

        Any recommendations on how to move forward? Do a hard reset? My concern would be that if I placed data on my NAS, a hacker would be able to access my NAS using my old credentials.


        FWIW, I am not (yet) seeing strong evidence that the NAS was in fact hacked.  There were changes in Chrome, Edge, Firefox, and Safari last year that do prevent access to Frontview.  There are some workarounds, but AFAICT you don't know about them. 

         

        It is also possible that disk failures (or a NAS failure) are the actual cause of your problem.  So there are other explanations for the lack of access that haven't really been ruled out.

         

        Do you only have an access problem reaching your files?  Or do you actually see encrypted files on the NAS when you access it?

         

        As far as old credentials go, if you do a factory default then those credentials will no longer work with the NAS.  But of course if you also use them for other devices (or accounts) you should start by changing them.

         

        Plus access to your NAS over the internet requires more than the old credentials.  Normally your router won't allow a hacker to reach the NAS.  So we'd also need to understand how the alleged hacker managed to get through your router.

         
