dolbyman wrote: ↑Mon Apr 05, 2021 3:22 am
read the previous posts....no need to ask again
Thank you! I read through the comments. I read somewhere there was a similar one a few years ago and someone made a decrypter for it. So wondering if there is anything similar? Since you seem to be a guru of some sort, why don't you enlighten me?
groundhogrdg wrote: ↑Sun Apr 04, 2021 9:08 am
Mine has been infected too on March 28th
Seems all documents, archives and images have been encrypted.
MP4, MP3s have not been touched.
Seems to have gone through all shared folders; nothing listed in connection logs.
A few more details.
TS-451+ running 4.3.4 Build 20180830
A user account "wasthere" had been created 28 March 2021, 22:39:02
This account had RW permissions to a share that was not previously visible with system files labelled "9cd00ccc-d02f-11ea-87d0-..."
Two log entries were created:
Information 28/03/2021 19:45:49 System 127.0.0.1 localhost [App Center] Installed System 0.1 in /share/CACHEDEV1_DATA/.qpkg/System.
Information 28/03/2021 21:17:49 System 127.0.0.1 localhost [App Center] Enabled System.
I had the same user account "wasthere" in mine too. Though there is nothing in that account folder. I am still trying to understand how to get these files decrypted. I am hoping Qnap releases something for this.
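The indicators reported in the posts above (the "wasthere" account and the App Center entries for a package named "System") can be checked for in an exported event log and account list. This is an added example, not code from the posters or from QNAP. It assumes the log layout of the two quoted entries and a passwd-format account list; the allowlist, `ExampleApp` and the sample data are constructed.

```python
import re
from datetime import datetime

SUSPECT_ACCOUNTS = {"wasthere"}   # account name reported in the thread
SUSPECT_QPKGS = {"System"}        # package name from the quoted log entries

# Layout assumed from the two quoted entries:
# severity, dd/mm/yyyy, hh:mm:ss, user, source IP, host, [category], message
LINE_RE = re.compile(
    r"^(?P<sev>\w+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<user>\S+)\s+(?P<ip>\S+)\s+(?P<host>\S+)\s+\[(?P<cat>[^\]]+)\]\s+(?P<msg>.*)$")
INSTALL_RE = re.compile(r"^Installed (?P<name>.+?) (?P<ver>\S+) in (?P<path>\S+?)\.?$")
ENABLE_RE = re.compile(r"^Enabled (?P<name>.+?)\.?$")

def scan_event_log(lines, known_qpkgs=frozenset()):
    """Return sorted (timestamp, reason) findings for App Center events."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["cat"] != "App Center":
            continue  # unparsable line or unrelated category
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H:%M:%S")
        ev = INSTALL_RE.match(m["msg"]) or ENABLE_RE.match(m["msg"])
        if not ev:
            continue
        if ev["name"] in SUSPECT_QPKGS:
            findings.append((ts, f"matches reported package: {m['msg']}"))
        elif ev["name"] not in known_qpkgs:
            # Generalisation: anything you did not install yourself is worth a look.
            findings.append((ts, f"package not in allowlist: {m['msg']}"))
    return sorted(findings)

def scan_accounts(passwd_text):
    """Return suspect account names present in passwd-format text."""
    names = [l.split(":", 1)[0] for l in passwd_text.splitlines() if ":" in l]
    return [n for n in names if n in SUSPECT_ACCOUNTS]

# Constructed sample: the two entries quoted above plus two made-up lines.
SAMPLE_LOG = [
    "Information 28/03/2021 21:17:49 System 127.0.0.1 localhost [App Center] Enabled System.",
    "Information 28/03/2021 18:00:00 admin 192.168.1.10 --- [Users] Login OK.",
    "Information 28/03/2021 19:45:49 System 127.0.0.1 localhost [App Center] "
    "Installed System 0.1 in /share/CACHEDEV1_DATA/.qpkg/System.",
    "Information 01/02/2021 10:00:00 admin 192.168.1.10 localhost [App Center] "
    "Installed ExampleApp 1.0 in /share/CACHEDEV1_DATA/.qpkg/ExampleApp.",
]
SAMPLE_PASSWD = "admin:x:0:0::/root:/bin/sh\nwasthere:x:1005:100::/share/homes/wasthere:/bin/sh\n"

if __name__ == "__main__":
    for ts, reason in scan_event_log(SAMPLE_LOG, known_qpkgs={"ExampleApp"}):
        print(ts.isoformat(sep=" "), reason)
    print("suspect accounts:", scan_accounts(SAMPLE_PASSWD))
```

A clean result only means these particular indicators are absent; it does not show the NAS is uncompromised.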
Krismede wrote: ↑Mon Apr 05, 2021 10:54 am
I had the same user account "wasthere" in mine too. Though there is nothing in that account folder. I am still trying to understand how to get these files decrypted. I am hoping Qnap releases something for this.
Your NAS is definitely infected. Forget trying to find a decrypter: re-init your NAS and restore all data from your external backups.
Krismede wrote: ↑Mon Apr 05, 2021 10:54 am
I had the same user account "wasthere" in mine too. Though there is nothing in that account folder. I am still trying to understand how to get these files decrypted. I am hoping Qnap releases something for this.
Your NAS is definitely infected. Forget trying to find a decrypter: re-init your NAS and restore all data from your external backups.
Unfortunately, there is no backup for some of the files. It's ironic that a backup storage device needs a backup too. Have you or someone tried the Emsisoft decrypter?
Krismede wrote: ↑Mon Apr 05, 2021 11:36 am
Unfortunately, there is no backup for some of the files. It's ironic that a backup storage device needs a backup too.
Why?
If you were using the NAS as a backup device, then you still have the original files.
If the NAS has files that are not located anywhere else, it's no longer a backup device.
You should have multiple copies of your data. Don't put it all in one fragile (and easily hackable) box and expect it to be safe forever.
Krismede wrote: ↑Mon Apr 05, 2021 11:36 am
Have you or someone tried the Emsisoft decrypter?
Never used it - probably because I've never been infected.
dolbyman wrote: ↑Sat Apr 03, 2021 12:21 pm
Sure UPnP is not active? Exposing your NAS without knowledge
Yep, that might have been it. Now, UPnP is off, and no access except for a range of internal IP addresses. And periodic backups to a flash drive stored off-site!
I read on BleepingComputer that there was software that could take the encrypted file and a copy of the original file to recover. Has anyone used it?
dolbyman wrote: ↑Tue Apr 06, 2021 4:47 am
if you have a copy of the original file..why would you need to decrypt it ?
LOL, of course if we have copies, no one will go for decrypting it. I think the idea here is - some file may have been downloaded from the NAS and you can potentially use that 1 file to decrypt.
Anyways, if someone has experience using it, please share.