Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Posted: Fri Apr 23, 2021 4:03 am
Well, I have no idea why, but it's now working. Must be my end. Doh.
saturdaynightyay wrote: ↑Fri Apr 23, 2021 3:41 am
Yes, it would be good to get a script that will do everything. Also, could you specify which folder to run the script from?
Fly100 wrote: ↑Fri Apr 23, 2021 3:22 am
REM List every .7z archive under the current folder, including subfolders
dir /s /b *.7z > allzips.txt
REM Extract each archive next to itself; delete it only if 7-Zip reports success
for /F "delims=" %%x in (allzips.txt) do ("C:\Program Files\7-Zip\7z.exe" e -pXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -o"%%~dpx" "%%x" && del "%%x")
A guy earlier in the thread wrote this gem. Thank you, Sir, well played. Could anyone offer advice on it, please? I can only get it to work if I put the bat file in the same DIR as the 7z files; it won't then do any of the sub DIRs in the main dir.
Thank you again to the gent that wrote it.
Hero.
FLY
Cheers
You would think so, but that is not the case. Read the software license and usage agreement you accept when you use the NAS. You effectively agree to an as-is use of the software and QNAP provides no guarantees about its software.
I'm still getting login attempts every 5 minutes. I never saw a successful login that wasn't my IP though. Was it back doored through the qsync or whatever? I'm just confused.
saturdaynightyay wrote: ↑Fri Apr 23, 2021 4:03 am
I doubt it mate, things like that are a 1 time thing. It's like a DOS prompt, I don't think it gets stored.
Time to disable port forwarding to the QTS admin webpage on your NAS, it will eventually get compromised.
password is 32 characters. I am guessing brute force would take forever.
phr34k wrote: ↑Fri Apr 23, 2021 4:37 am
So what should we do now? Wait? Is help coming or is this a lost case? Should we try to pay the ransom?
Is it possible to brute force the 7z file or is that a lost cause? I mean does it take weeks or are we talking years? I have all my pictures of my daughter from being born till now
Hey guys,
unfortunately, my NAS was also affected. But don't worry, I have a solution.
You can use the following software to restore your data from the disks.
https://www.cgsecurity.org/wiki/TestDisk_Download
First you have to connect via ssh to your NAS and you have to install the tool from the link, it's called PhotoRec. Then you have to mount a local disk from your machine, you can use Samba to mount a disk from Windows to the NAS.
Supported file systems:
FAT, NTFS, exFAT, ext, HFS+
How it works?
The tool can restore deleted files from the disk. All deleted files are still present, but the location of the first data block is removed. The tool can scan all sectors of the disk and can restore a lot of files. With a little bit of luck the tool can restore all files.
My program has been running for one hour now, and I have already restored 18k files. A lot of my vacation pictures are already back.
If you have any technical questions you can contact me here in the forum or also via mail at security@received.eu.
It is not the best solution, but with luck you can restore your files and you have to pay nothing.
Regards and good luck,
MAI2VIN
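How signature-based carving of the kind described in the post above finds files without any file system metadata, as an added example that is not part of the original post and is not PhotoRec's code. The 512-byte sector size, the function names and the in-memory disk image are assumptions constructed for illustration.

```python
"""Simplified signature-based file carving (constructed demo, not PhotoRec's code)."""

SECTOR = 512                 # assumed sector size for the demo image
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus first marker byte
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker


def carve_jpegs(image: bytes, sector: int = SECTOR, max_size: int = 1 << 20):
    """Return (offset, data) for each JPEG-like run starting on a sector boundary.

    Only raw bytes are scanned; no directory entry or inode is consulted, which
    is why a file whose metadata is gone can still be found. It also shows the
    limits: the header sector must survive and the file must be contiguous.
    """
    found = []
    pos = 0
    while pos + len(JPEG_SOI) <= len(image):
        if image[pos:pos + len(JPEG_SOI)] != JPEG_SOI:
            pos += sector                      # files start on sector boundaries
            continue
        end = image.find(JPEG_EOI, pos + len(JPEG_SOI), pos + max_size)
        if end == -1:
            pos += sector                      # header without footer: skip it
            continue
        end += len(JPEG_EOI)
        found.append((pos, image[pos:end]))
        pos = -(-end // sector) * sector       # resume at the next sector boundary
    return found


def build_demo_image():
    """Constructed 8-sector 'disk' holding two deleted JPEG-like blobs."""
    pic_a = JPEG_SOI + b"\xe0" + b"A" * 700 + JPEG_EOI   # spans two sectors
    pic_b = JPEG_SOI + b"\xe1" + b"B" * 100 + JPEG_EOI
    image = bytearray(8 * SECTOR)
    image[1 * SECTOR:1 * SECTOR + len(pic_a)] = pic_a
    image[5 * SECTOR:5 * SECTOR + len(pic_b)] = pic_b
    return bytes(image), pic_a, pic_b


if __name__ == "__main__":
    disk, _, _ = build_demo_image()
    for offset, data in carve_jpegs(disk):
        print(f"sector {offset // SECTOR}: recovered {len(data)} bytes")
```

Because recovery depends on the old blocks not having been reused, the less that is written to the affected volume before scanning, the more files a carver can find.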
For a brute-force attack you are looking at some very bleak numbers
phr34k wrote: ↑Fri Apr 23, 2021 4:37 am
So what should we do now? Wait? Is help coming or is this a lost case? Should we try to pay the ransom?
Is it possible to brute force the 7z file or is that a lost cause? I mean does it take weeks or are we talking years? I have all my pictures of my daughter from being born till now
I'm definitely thinking about paying, but I don't know which Bitcoin service to use so I can "send" them their money. I have never dealt with BTC, and I tried Revolut but they don't allow me to send money to an address
saturdaynightyay wrote: ↑Fri Apr 23, 2021 4:47 am
if process has finished then just pay the ransom, password is 32 characters. I am guessing brute force would take forever.
phr34k wrote: ↑Fri Apr 23, 2021 4:37 am
So what should we do now? Wait? Is help coming or is this a lost case? Should we try to pay the ransom?
Is it possible to brute force the 7z file or is that a lost cause? I mean does it take weeks or are we talking years? I have all my pictures of my daughter from being born till now
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer look into something like this. Why? Because I am angry.
jaysona wrote: ↑Fri Apr 23, 2021 4:29 am
You would think so, but that is not the case. Read the software license and usage agreement you accept when you use the NAS. You effectively agree to an as-is use of the software and QNAP provides no guarantees about its software.
I have had numerous "discussions" with "software engineers" that I know and have told more than a few that if they were civil engineers, they would be in jail for gross negligence. The issue is that software people (aside from certain Aerospace applications) have absolutely no legal obligations whatsoever when it comes to software code robustness.
Good luck.. that is not QNAP's first crypto malware attack rodeo ... and they are still around
McBride wrote: ↑Fri Apr 23, 2021 4:50 am
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer look into something like this. Why? Because I am angry.