[RANSOMWARE] >>READ 1st Post<< Deadbolt

alexhjones
New here
Posts: 8
Joined: Fri Oct 28, 2016 5:52 pm

Re: [RANSOMWARE] Deadbolt

Post by alexhjones »

mikaux wrote: Wed Jan 26, 2022 6:59 pm Hi there. Is there any way you can post a 'How To' for the actions you have taken? Many of us have no real experience, or limited experience, with SSH, and although I can get in that way, I don't know what to do once in. That is, I don't know how to get into the file structure to find the files you found.
I'd suggest waiting for official instructions before trying this straight away, although it is promising that the Deadbolt page was displayed yet the files weren't encrypted yet.

I got the Deadbolt page on my QNAP this morning and powered off the NAS. I just checked an external USB drive, which appears not to have been affected. I'm going to wait for a way to check the internal drives (/ some other method) and keep my fingers crossed the files aren't fully encrypted.
jswain
New here
Posts: 9
Joined: Tue Jul 05, 2016 5:32 pm

Re: [RANSOMWARE] Deadbolt

Post by jswain »

So many of my files are now encrypted with the .deadbolt extension, this is so depressing!

It's all so well saying to disconnect from the internet to avoid this happening, but I bought it for that very use, otherwise I may as well have just used a USB HDD.

Let's hope there is a guide available to get rid of it soon :(
lknanml
First post
Posts: 1
Joined: Wed Jan 26, 2022 7:33 pm

Re: [RANSOMWARE] Deadbolt

Post by lknanml »

Yep.. Lost every single digital movie I have.
Videos for work as well. I REALLY hope we get a fix for this.
Videos from 3 overseas deployments...
I could eventually replace my movies but those files are impossible to replace.
I thought I had set up the NAS for local share. Guess I missed something. I was hours and hours away from the NAS. By the time I got home it was over. Everything had the deadbolt ext.
Last edited by lknanml on Wed Jan 26, 2022 8:24 pm, edited 1 time in total.
Vogstar
Starting out
Posts: 13
Joined: Sat Aug 26, 2017 9:33 am

Re: [RANSOMWARE] Deadbolt

Post by Vogstar »

I paid the ransom but I never got the decryption key. Horrible :(
jswain
New here
Posts: 9
Joined: Tue Jul 05, 2016 5:32 pm

Re: [RANSOMWARE] Deadbolt

Post by jswain »

I have access to the system by plugging in a keyboard and monitor directly, my plan is to reset to factory defaults then update everything and rebuild from backups :(
Stevenlr
New here
Posts: 5
Joined: Tue Sep 03, 2013 6:10 am

Re: [RANSOMWARE] Deadbolt

Post by Stevenlr »

I managed to get the GUI back up via SSH and renaming index.html to something else and putting index.html.bak in its place
They only encrypted System files and one out of 3 main folders I have

Hoping a way to decrypt is found, otherwise I'll have to go pull off the data that is fine and wipe and start again.
Would rather not!
matthewoliver
Getting the hang of things
Posts: 76
Joined: Tue Nov 17, 2009 5:05 am

Re: [RANSOMWARE] Deadbolt

Post by matthewoliver »

I'm really sorry for all of you that got infected... It would be interesting to know what firmware you guys are running though, and if you had UPnP activated.
I personally am running QuTS hero 5.0.0.1892 (and deactivated UPnP) and have not (yet, fingers crossed) been affected by Deadbolt.
Current:
TVS-h1288X
Intel Xeon W-1250 w/ 64GB Ram
2x Samsung 980 NVMe 1TB
4x Samsung 860 EVO 1TB
8x Seagate IronWolf 10TB
QXP-T32P
Previous:
TS-469L
TS-219
remainz
Starting out
Posts: 16
Joined: Tue Jan 22, 2019 8:17 pm

Re: [RANSOMWARE] Deadbolt

Post by remainz »

I had UPnP on and got infected. This is all alien to me.

Do I SSH on the NAS or from Windows to look for the infected files?
P3R
Guru
Posts: 13192
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: [RANSOMWARE] Deadbolt

Post by P3R »

jswain wrote: Wed Jan 26, 2022 7:19 pm So many of my files are now encrypted with the .deadbolt extension, this is so depressing!

It's all so well saying to disconnect from the internet to avoid this happening, but I bought it for that very use, otherwise I may as well have just used a USB HDD.
Yes, the QNAP marketing claiming that this was possible to do safely with the QNAP has unfortunately been deceiving. :cry:

Remote access is still possible though through a remote access VPN, preferably installed on the Internet-facing firewall/router or at least on something in your network not made by Qnap.

Maybe it's too soon to remind about this, but not having backup copies of your most important data on at least two other media, with one always stored at another site, would have been a gamble even if ransomware didn't exist...
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
pbch1
New here
Posts: 8
Joined: Wed Jan 26, 2022 8:53 pm

Re: [RANSOMWARE] Deadbolt

Post by pbch1 »

I am also a victim!

I am a victim of myself (backup) and of QNAP.
All my files are encrypted *.deadbolt
Unfortunately my backup is not up-to-date. Yes... I know.

I really need the documents on my QNAP NAS. Is anyone here who paid and got a working key? Yes - I also know I should not do it. But.... :-(

Does anyone know what is the right way? Should I update firmware on the NAS and restart, or is this a bad idea because - if I get the right key - the one will not work then? Or is the unlock key already on the NAS or the files?

THANK YOU for any help!
nonojapan
Starting out
Posts: 17
Joined: Wed Jan 26, 2022 12:14 pm

Re: [RANSOMWARE] Deadbolt

Post by nonojapan »

pbch1 wrote: Wed Jan 26, 2022 8:59 pm In the same boat.... You should wait a few days. Some people already paid the ransom but did not receive the key. Maybe QNAP will have a solution, I hope...
Stevenlr
New here
Posts: 5
Joined: Tue Sep 03, 2013 6:10 am

Re: [RANSOMWARE] Deadbolt

Post by Stevenlr »

Found a post here of someone who paid and decryption is running
https://www.bleepingcomputer.com/forums ... ion/page-2
swisshuttles
New here
Posts: 7
Joined: Sun May 26, 2013 1:09 am

Re: [RANSOMWARE] Deadbolt

Post by swisshuttles »

Same hack here on a TVS-653 running on 5.0.0.1870 firmware, with UPnP disabled but with ports 8080, 21, 80, 443 and 3389 open to the internet. No reaction from QNAP yet. Hope to have one soon..
remainz
Starting out
Posts: 16
Joined: Tue Jan 22, 2019 8:17 pm

Re: [RANSOMWARE] Deadbolt

Post by remainz »

Can someone please help with killing the process as above?

How to write kill PID 11943* properly, as this doesn't work and I don't know enough programming?
Thanks

Using Windows and this link: https://www.qnap.com/en/how-to/knowledge-base/a ... -using-ssh


cd /mnt/HDA_ROOT/
ls -alh


drwxr-xr-x  9 admin administrators 4.0K 2022-01-25 15:59 ./
drwxr-xr-x 10 admin administrators  220 2021-11-23 22:55 ../
-rwxr-xr-x  1 admin administrators 939K 2022-01-25 15:59 11943*
-rw-rw-rw-  1 admin administrators  280 2021-11-26 12:49 .conf
drwxr-xr-x 59 admin administrators  12K 2022-01-26 09:46 .config/
drwxrwxrwx  2 admin administrators 4.0K 2021-11-23 22:22 .inited/
drwxr-xr-x  9 admin administrators 4.0K 2022-01-26 13:10 .logs/
drwx------  2 admin administrators  16K 2018-01-11 17:25 lost+found/
-rw-r--r--  1 admin administrators    0 2021-07-19 12:13 .nfs_fix_check
-rw-r--r--  1 admin administrators    0 2018-01-11 17:28 .QTS.installed
-rw-r--r--  1 admin administrators    0 2018-01-11 17:28 .QTS.installed.notice
drwxr-xr-x  2 admin administrators 4.0K 2021-07-19 12:00 ssl_lib/
lrwxrwxrwx  1 admin administrators   24 2020-12-01 14:02 twonkymedia -> /mnt/ext  
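
An added example (not part of the post above, and not QNAP's tooling): in that listing, `11943*` is a file name followed by the `*` that `ls` appends to executables, whereas `kill` expects a process ID. The script below picks such files out of `ls -alh` output and looks up the PIDs running them through `/proc`; treating an all-digit executable name as suspect is an assumption taken from this one listing, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Constructed sample: three lines copied from the listing in the post above.
sample_listing() {
cat <<'EOF'
drwxr-xr-x  9 admin administrators 4.0K 2022-01-25 15:59 ./
-rwxr-xr-x  1 admin administrators 939K 2022-01-25 15:59 11943*
-rw-rw-rw-  1 admin administrators  280 2021-11-26 12:49 .conf
EOF
}

# Read `ls -alh` output on stdin; print executable regular files whose
# name is all digits (assumption: that is what marks the suspect binary).
numeric_executables() {
    awk '$1 ~ /^-..x/ {
        name = $NF
        sub(/\*$/, "", name)      # drop the "*" classify marker
        if (name ~ /^[0-9]+$/) print name
    }'
}

# Print the PID of every process whose executable is the given path.
pids_running() {
    target=$1
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case $exe in
            "$target" | "$target (deleted)") echo "${p#/proc/}" ;;
        esac
    done
}

# Report only; review the PIDs before running `kill <PID>` on any of them.
dir=${1:-/mnt/HDA_ROOT}
if [ -d "$dir" ]; then listing=$(ls -alh "$dir"); else listing=$(sample_listing); fi
for name in $(printf '%s\n' "$listing" | numeric_executables); do
    echo "suspect file: $dir/$name"
    for pid in $(pids_running "$dir/$name"); do
        echo "  running as PID $pid"
    done
done
```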
alexhjones
New here
Posts: 8
Joined: Fri Oct 28, 2016 5:52 pm

Re: [RANSOMWARE] Deadbolt

Post by alexhjones »

Official QNAP news release on Deadbolt: https://www.qnap.com/en/security-news/2 ... e-together