[RANSOMWARE] Qlocker

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
jaergo
New here
Posts: 9
Joined: Wed Jan 19, 2022 5:37 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaergo »

dolbyman wrote: Sat Jan 22, 2022 6:09 am pretty easy .. people still expose their NAS units to WAN, as QNAP did and still does advertise these units as easy private clouds .. and *zapp* all data is gone ...

If you remove all port forwards to the NAS (and disable upnp) you will not be in trouble here
Does this allow me to access it on my WIFI router but keep it off the internet? Because that's what I want to do. If not, what's the best way to do that? I know very little about networking ins and outs.
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by dolbyman »

Please elaborate what you mean by "access it on my wifi router"
Do you mean if the NAS would be available in your local LAN ? .. obviously other wise a NAS would be useless
Robs1979
New here
Posts: 3
Joined: Sat Jan 22, 2022 6:40 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Robs1979 »

rbharol wrote: Sun Jan 09, 2022 4:04 pm Well, looks like they don't encrypt all files. In my case all Movies (MP4) and all music files were untouched. They probably know that people won't care about music.. It is the pictures and word and pdf documents that got encrypted. All those important ones.. I ended up paying them to get access after my recovery efforts failed.
Hi, did you get the right password after paying?
jaergo
New here
Posts: 9
Joined: Wed Jan 19, 2022 5:37 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaergo »

dolbyman wrote: Sat Jan 22, 2022 6:32 am Please elaborate what you mean by "access it on my wifi router"
Do you mean if the NAS would be available in your local LAN ? .. obviously other wise a NAS would be useless
Yes, that's what I mean. How do I basically turn off the outside internet, yet still access it at home without hardwiring it? I've always just had it set up to be on the internet.Thanks.
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by dolbyman »

internet access has nothing to do with wifi
jaergo
New here
Posts: 9
Joined: Wed Jan 19, 2022 5:37 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaergo »

dolbyman wrote: Sat Jan 22, 2022 7:18 am internet access has nothing to do with wifi
Right, but where is the setting that determines whether or not the nas has access outside of the home network? I set it up a long time ago, but it just seemed like that's what it defaulted to. Thanks.
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by dolbyman »

as said before

remove port forwarding and disable upnp (both in the router)
jaergo
New here
Posts: 9
Joined: Wed Jan 19, 2022 5:37 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaergo »

dolbyman wrote: Sat Jan 22, 2022 8:14 am as said before

remove port forwarding and disable upnp (both in the router)
Thank you. I'll have to find the manual for the router.
jaergo
New here
Posts: 9
Joined: Wed Jan 19, 2022 5:37 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaergo »

Okay, my Photorec finished, recovered over 500k files. When I go to run the next step, the qrescue.sh, it says, "/share/rescue/qpkg/QRescue/bin/qrescue.sh: line 26: /share/rescue/qpkg/QRescue/python_armhf/bin/python3: No such file or directory"

I can see that exists, how do I get it to find it?
P3R
Guru
Posts: 13183
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by P3R »

miren2k wrote: Sat Jan 22, 2022 5:59 am Why are you not meant to change your default port from 8080?
Because the only way to really protect your Qnap is to not directly expose it on the Internet. By that follow that your NAS will only be reachable from a secure local network and then there's no security advantage at all with changing from the default port. The most significant effect using a non-standard port would have is that it increases the risk for mistakes and confusion in the future.

If you have already changed port and have now gotten used to using that, then by all means don't change back but there's no security advantage with what you have.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
Robs1979
New here
Posts: 3
Joined: Sat Jan 22, 2022 6:40 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Robs1979 »

jaergo wrote: Sat Jan 22, 2022 8:36 am Okay, my Photorec finished, recovered over 500k files. When I go to run the next step, the qrescue.sh, it says, "/share/rescue/qpkg/QRescue/bin/qrescue.sh: line 26: /share/rescue/qpkg/QRescue/python_armhf/bin/python3: No such file or directory"

I can see that exists, how do I get it to find it?
Hi, hello which method did you use? the one from the qnap site or the other one?
Thanks
jaergo
New here
Posts: 9
Joined: Wed Jan 19, 2022 5:37 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaergo »

The QNap one.
Robs1979
New here
Posts: 3
Joined: Sat Jan 22, 2022 6:40 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Robs1979 »

jaergo wrote: Sat Jan 22, 2022 8:07 pm The QNap one.
Thanks, I tried the same one too, but I don't know why at the end it said "recovered 40000" but in reality I only saw 670 files ....
miren2k
Starting out
Posts: 10
Joined: Fri Dec 06, 2019 9:23 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by miren2k »

dolbyman wrote: Sat Jan 22, 2022 6:09 am pretty easy .. people still expose their NAS units to WAN, as QNAP did and still does advertise these units as easy private clouds .. and *zapp* all data is gone ...

If you remove all port forwards to the NAS (and disable upnp) you will not be in trouble here
I'm currently going through a massive list of security precautions - this being one of them.

Is there anything I'm missing here or has these sorted out the issue?

On my router:
https://i.ibb.co/4tJfxnd/Screenshot-202 ... 54-15.jpg
QNAP cloud settings:
https://i.ibb.co/gyNmrYp/Screenshot-202 ... -56-02.png
Service Discovery:
https://i.ibb.co/7rz309Z/Screenshot-202 ... -55-27.png

However I use plex so I have this ticked, is this okay?

https://i.ibb.co/wsQp26v/Screenshot-202 ... -57-11.png


Is this covering all basis? should I be safe technically speaking?
:evil: Forever enraged.
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaysona »

Plex uses its own web server, you do not need to enable the QNAP DLNA server to use plex. Keep the QNAP DLNA server disabled.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
Post Reply

Return to “Users' Corner”