Raid not active after DEADBOLT Ransomware
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Raid not active after DEADBOLT Ransomware
Hi all.
Yes, I am one of the people who even this late still got deadbolted this past weekend. Due to the fact I have no backups and cannot afford to lose this data, I paid the ransom and got the key. I put the key in and it removed the deadbolt prompt upon login. I was assuming this would fix more than it did. Now when I log into the NAS it tells me that the RAID status is "Not Active" but that all the disks are "Good". The onboard recover RAID group feature leads me to a message that says:
"Failed to recover storage pool. Possible reasons:
Someone inserted new disks, or the data is damaged.
To continue, insert the original disks into the NAS and
recover the pool again, or delete the pool and create a new one."
I was able to SSH into the device (TS-451) and run md_checker and got the status as OFFLINE. I can see all the drives and each of those is listed as active.
I have followed a few other posts and so far none of the commands have worked to restore the RAID. I am really at a loss. I put a ticket in with QNAP but it has been days now and they have not replied.
Does anyone have any thoughts? I am not technically savvy and really need this restored. I am also aware that once the RAID volume is repaired I will need Emsisoft and my key to decrypt it, which is fine. I just cannot get this device to recognize this RAID.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Raid not active after DEADBOLT Ransomware
Open a ticket with QNAP and have them take a look at it
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Re: Raid not active after DEADBOLT Ransomware
I did, I haven't heard back.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Raid not active after DEADBOLT Ransomware
You could try to reinit the LVM, but without backups I would not go to that step yet (and wait for QNAP)
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Re: Raid not active after DEADBOLT Ransomware
I don't know what LVM is, and unless someone can give me detailed steps of how to troubleshoot, I have no choice but to wait for QNAP.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Raid not active after DEADBOLT Ransomware
The command is issued via SSH (make sure to use the 'admin' account):
/etc/init.d/init_lvm.sh
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Re: Raid not active after DEADBOLT Ransomware
says "no such file or directory"
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Raid not active after DEADBOLT Ransomware
What user was used to log in to SSH?
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Raid not active after DEADBOLT Ransomware
... and please post a screenshot of your command and the shell response.
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Re: Raid not active after DEADBOLT Ransomware
admin, the only user account there is
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Re: Raid not active after DEADBOLT Ransomware
Here is the screen cap
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Raid not active after DEADBOLT Ransomware
You've misspelt the script name.
Please try it again.
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Re: Raid not active after DEADBOLT Ransomware
Ok, sorry. I'm a moron on this **. Here is what it says now:
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
-
- New here
- Posts: 8
- Joined: Tue May 17, 2022 2:22 am
Re: Raid not active after DEADBOLT Ransomware
That worked!!!!! Now I can see the drives again and recovered them. Now I just have to decrypt the data.