Raid not active after DEADBOLT Ransomware

[dillonalexander]

Hi all.

Yes I am one of the people who even this late still got deadbolted this past weekend. Due to the fact I have no backups and cannot afford to lose this data I paid the ransom and got the key. I put the key in and it removed the deadbolt prompt upon login. I was assuming this would fix more than it did. Now when I log into the NAS it tells me that the raid status is "Not Active" but that all the disks are "Good". The onboard recover raid group feature leads me to a message that says:
"Failed to recover storage pool. Possible reasons:
Someone inserted new disks, or the data is damaged.
To continue, insert the original disks into the NAS and
recover the pool again, or delete the pool and create a new one. "

I was able to ssh into the device (TS - 451) and run md_checker and got the status as OFFLINE. I can see all the drives and each of those is listed as active.

I have followed a few other posts and so far none of the commands have worked to restore the raid. I am really at a loss. I put a ticket in with QNAP but it has been days now and they have not replied.

Does anyone have any thoughts? I am not technically savvy and really need this restored. I am also aware once the raid volume is repaired that I will need Emsisoft and my Key to decrypt it, which is fine. I just cannot get this device to recognize this raid.

[dolbyman]

Open a ticket with QNAP and have them take a look at it

[dillonalexander]

I did, I havent heard back.

[dolbyman]

You could try to reinit the LVM, but without backups I would not go to that step yet (and wait for QNAP)

[dillonalexander]

I dont know what LVM is and unless someone can give me detailed steps of how to troubleshoot, i have no choice but to wait for qnap.

[dolbyman]

command is issued via SSH (make sure to use the 'admin' account)

Code: Select all

/etc/init.d/init_lvm.sh

[dillonalexander]

says "no such file or directory"

[dolbyman]

What user was used to login to SSH ?

[OneCD]

... and please post a screenshot of your command and the shell response.

[dillonalexander]

admin, the only user account there is

[dillonalexander]

Here is the screen cap

QNAP2.jpg

[OneCD]

Here is the screen capQNAP2.jpg

You've misspelt the script name.

Please try it again.

[dillonalexander]

Ok, sorry. Im a moron on this **. Here is what it says now:

QNAP3.jpg

[OneCD]

What does 'md_checker' show now?

[dillonalexander]

QNAP4.jpg

that worked!!!!! now i can see the drives again and recovered them. Now i just have to decrypt the data.