I doubt it mate, things like that are a 1 time thing. It's like a DOS prompt, I don't think it gets stored.
[RANSOMWARE] Qlocker
-
- Starting out
- Posts: 19
- Joined: Thu Apr 22, 2021 6:22 pm
-
- Getting the hang of things
- Posts: 89
- Joined: Fri Dec 26, 2008 4:07 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Well, I have no idea why but it's now working. Must be my end. Doh.
saturdaynightyay wrote: ↑Fri Apr 23, 2021 3:41 am
Yes, it would be good to get a script that will do everything. Also if you could specify which folder to run the script from?
Fly100 wrote: ↑Fri Apr 23, 2021 3:22 am
dir /s /b *.7z > allzips.txt
for /F "delims=" %%x in (allzips.txt) do ("C:\Program Files\7-Zip\7z.exe" e -pXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -o"%%~dpx" "%%x")
for /F "delims=" %%x in (allzips.txt) do del "%%x"
A guy earlier in the thread wrote this gem. Thank you Sir, well played. Could anyone offer advice on it please? I can only get it to work if I put the bat file in the same dir as the 7z files, it won't then do any of the sub dirs in the main dir.
Thank you again to the gent that wrote it.
Hero.
FLY
Cheers
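An added example, not code from the thread: a Python take on the batch file quoted above that walks every subfolder itself and deletes an archive only after 7-Zip exits with code 0, so an archive that fails to extract (wrong password, damaged file) is left in place. The `restore_tree` name and the injectable `run` parameter are assumptions made here; the 7-Zip path and the `e -p… -o…` invocation are the ones from the quoted script.

```python
import subprocess
from pathlib import Path

# Path taken from the batch file quoted in the thread.
SEVENZIP = r"C:\Program Files\7-Zip\7z.exe"

def restore_tree(root, password, run=subprocess.run, sevenzip=SEVENZIP):
    """Extract every *.7z below root into its own folder.

    An archive is deleted only when 7-Zip exits with code 0; anything else
    (wrong password, damaged archive) leaves it in place for another attempt.
    Returns (restored, failed) as lists of archive paths.
    """
    restored, failed = [], []
    # rglob walks all subfolders, so the script file itself can live anywhere.
    for archive in sorted(Path(root).rglob("*.7z")):
        cmd = [sevenzip, "e", f"-p{password}", f"-o{archive.parent}",
               "-y", str(archive)]
        result = run(cmd, capture_output=True)
        if result.returncode == 0:
            archive.unlink()
            restored.append(archive)
        else:
            failed.append(archive)
    return restored, failed

if __name__ == "__main__":
    import sys
    # Usage (hypothetical file name): python restore_tree.py <top folder> <password>
    ok, bad = restore_tree(sys.argv[1], sys.argv[2])
    print(f"restored {len(ok)} archive(s), kept {len(bad)} that failed")
    for path in bad:
        print("  not extracted:", path)
```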
-
- Starting out
- Posts: 19
- Joined: Thu Apr 22, 2021 6:22 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Fly100, so you log on to SSH and type those 3 commands (1 for each line) in order?
After entering line 1 I get:
-sh: dir: command not found
Ah, it looks like it's a DOS command, I should try it from PC
Cheers
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
You would think so, but that is not the case. Read the software license and usage agreement you accept when you use the NAS. You effectively agree to an as-is use of the software and QNAP provides no guarantees about its software.
I have had numerous "discussions" with "software engineers" that I know and have told more than a few that if they were civil engineers, they would be in jail for gross negligence. The issue is that software people (aside from certain Aerospace applications) have absolutely no legal obligations whatsoever when it comes to software code robustness.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
-
- First post
- Posts: 1
- Joined: Wed Mar 12, 2014 6:03 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Same Problem here
-
- New here
- Posts: 5
- Joined: Fri Apr 23, 2021 3:25 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
I'm still getting login attempts every 5 minutes. I never saw a successful login that wasn't my IP though. Was it backdoored through the Qsync or whatever? I'm just confused.
saturdaynightyay wrote: ↑Fri Apr 23, 2021 4:03 am
I doubt it mate, things like that are a 1 time thing. It's like a DOS prompt, I don't think it gets stored.
-
- Starting out
- Posts: 19
- Joined: Thu Apr 22, 2021 6:22 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
In Control Panel, then Security, you can set it to block them after X number of failed login attempts.
-
- Starting out
- Posts: 26
- Joined: Wed Dec 09, 2015 2:59 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
So what should we do now? Wait? Is help coming or is this a lost case? Should we try to pay the ransom?
Is it possible to brute force the 7z file or is that a lost cause? I mean does it take weeks or are we talking years? I have all my pictures of my daughter from being born till now
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Time to disable port forwarding to the QTS admin webpage of your NAS, it will eventually get compromised.
-
- Starting out
- Posts: 19
- Joined: Thu Apr 22, 2021 6:22 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Password is 32 characters. I am guessing brute force would take forever.
phr34k wrote: ↑Fri Apr 23, 2021 4:37 am
So what should we do now? Wait? Is help coming or is this a lost case? Should we try to pay the ransom?
Is it possible to brute force the 7z file or is that a lost cause? I mean does it take weeks or are we talking years? I have all my pictures of my daughter from being born till now
Try this (from another website - I have not tried it):
Hey guys,
unfortunately, my NAS was also affected. But don't worry, I have a solution.
You can use the following software to restore your data from the disks.
https://www.cgsecurity.org/wiki/TestDisk_Download
First you have to connect via ssh to your NAS and you have to install the tool from the link, it's called PhotoRec. Then you have to mount a local disk from your machine, you can use Samba to mount a disk from Windows to the NAS.
Supported file systems:
FAT, NTFS, exFAT, ext, HFS+
How it works?
The tool can restore deleted files from the disk. All deleted files are still present, but the location of the first data block is removed. The tool can scan all sectors of the disk and can restore a lot of files. With a little bit of luck the tool can restore all files.
My program has been running for one hour now, and I restored 18k files already. A lot of my vacation pictures are already back.
If you have any technical questions you can contact me here in the forum or also via mail at security@received.eu.
It is not the best solution, but with luck you can restore your files and you have to pay nothing.
Regards and good luck,
MAI2VIN
Last edited by saturdaynightyay on Fri Apr 23, 2021 4:50 am, edited 1 time in total.
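The sector scan that the quoted message describes, reduced to JPEG header/footer matching over a constructed in-memory disk image (an added example, not part of the original post and not PhotoRec's own code). `carve_jpegs`, `build_sample_image` and the 512-byte sector size are assumptions made for illustration.

```python
SECTOR = 512                      # assumed sector size
JPEG_SOI = b"\xff\xd8\xff"        # start-of-image marker plus first byte of next marker
JPEG_EOI = b"\xff\xd9"            # end-of-image marker

def carve_jpegs(image, max_size=8 * 1024 * 1024):
    """Return [(offset, data)] for JPEG-looking runs that start on a sector boundary.

    No directory or inode information is used, only the raw bytes. A header
    with no end marker within max_size (for example an overwritten tail) is skipped.
    """
    found = []
    pos = 0
    while pos < len(image):
        if image[pos:pos + 3] == JPEG_SOI:
            end = image.find(JPEG_EOI, pos + 3, pos + max_size)
            if end != -1:
                found.append((pos, image[pos:end + 2]))
                # Files start on sector boundaries: resume at the next one.
                pos = -(-(end + 2) // SECTOR) * SECTOR
                continue
        pos += SECTOR
    return found

def build_sample_image():
    """Constructed data: a 'disk' with two deleted JPEG-like files and one truncated."""
    def fake_jpeg(payload):
        return JPEG_SOI + b"\xe0" + payload + JPEG_EOI

    def pad(blob):
        return blob + b"\x00" * (-len(blob) % SECTOR)

    first = fake_jpeg(b"holiday-photo-1" * 40)    # spans two sectors
    second = fake_jpeg(b"holiday-photo-2" * 10)
    truncated = JPEG_SOI + b"\xe0" + b"tail was overwritten"
    image = (pad(b"\x00" * 100) + pad(first) + pad(b"unrelated data")
             + pad(second) + pad(truncated))
    return image, [first, second]

if __name__ == "__main__":
    image, originals = build_sample_image()
    for offset, data in carve_jpegs(image):
        print(f"sector {offset // SECTOR}: recovered {len(data)} bytes, "
              f"intact={data in originals}")
```

Carving recovers contents only: file names and folder structure lived in the metadata that is gone, and a file whose blocks were not stored contiguously, or were overwritten since, comes back damaged or not at all.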
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
For a bruteforce attack you are looking at some very bleak numbers
phr34k wrote: ↑Fri Apr 23, 2021 4:37 am
So what should we do now? Wait? Is help coming or is this a lost case? Should we try to pay the ransom?
Is it possible to brute force the 7z file or is that a lost cause? I mean does it take weeks or are we talking years? I have all my pictures of my daughter from being born till now
You can either wait for an exploit attack or if anyone captures the key server.. if the server gets taken down and passwords are not made public you go back to the above calculation chart
You do not have the required permissions to view the files attached to this post.
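To put numbers on the brute-force question, an added example (not from the thread) that implements 7-Zip's password-to-key derivation with its default 2^19 SHA-256 rounds, times one guess, and converts a keyspace into years. The 62-symbol alphabet and the guess rates are assumptions; the thread states only that the password is 32 characters.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def sevenzip_key(password, salt=b"", cycles_power=19):
    """AES-256 key as 7-Zip derives it: one SHA-256 fed 2**cycles_power
    rounds of salt + UTF-16LE password + 64-bit little-endian counter."""
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << cycles_power):
        h.update(salt + pw + counter.to_bytes(8, "little"))
    return h.digest()

def years_to_search(alphabet_size, length, guesses_per_second, fraction=0.5):
    """Years to cover `fraction` of all passwords of exactly `length` symbols."""
    keyspace = alphabet_size ** length
    return keyspace * fraction / guesses_per_second / SECONDS_PER_YEAR

def measured_rate(sample="A" * 32):
    """Guesses per second of this interpreter on one core (one full KDF run)."""
    start = time.perf_counter()
    sevenzip_key(sample)
    return 1.0 / (time.perf_counter() - start)

if __name__ == "__main__":
    ALPHABET = 62   # assumption: a-z, A-Z, 0-9
    rates = {"this machine, one core": measured_rate(),
             "assumed 1e6 guesses/s": 1e6,
             "assumed 1e12 guesses/s": 1e12}
    for label, rate in rates.items():
        for length in (8, 16, 32):
            years = years_to_search(ALPHABET, length, rate)
            print(f"{label:>24}  len={length:2}  {years:.3g} years")
```

On the average search of half the keyspace, a 32-character password from a 62-symbol alphabet at the assumed 1e12 guesses per second still works out to more than 1e37 years.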
-
- Starting out
- Posts: 26
- Joined: Wed Dec 09, 2015 2:59 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
I'm definitely thinking about paying but I don't know which Bitcoin service to use so I can "send" them their money. I have never dealt with BTC and I tried Revolut but they don't allow me to send money to an address
saturdaynightyay wrote: ↑Fri Apr 23, 2021 4:47 am
If process has finished then just pay the ransom, password is 32 characters. I am guessing brute force would take forever.
phr34k wrote: ↑Fri Apr 23, 2021 4:37 am
So what should we do now? Wait? Is help coming or is this a lost case? Should we try to pay the ransom?
Is it possible to brute force the 7z file or is that a lost cause? I mean does it take weeks or are we talking years? I have all my pictures of my daughter from being born till now
- McBride
- Know my way around
- Posts: 107
- Joined: Fri Jun 07, 2013 3:00 pm
- Location: Vienna
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer look into something like this. Why? Because I am angry.
jaysona wrote: ↑Fri Apr 23, 2021 4:29 am
You would think so, but that is not the case. Read the software license and usage agreement you accept when you use the NAS. You effectively agree to an as-is use of the software and QNAP provides no guarantees about its software.
I have had numerous "discussions" with "software engineers" that I know and have told more than a few that if they were civil engineers, they would be in jail for gross negligence. The issue is that software people (aside from certain Aerospace applications) have absolutely no legal obligations whatsoever when it comes to software code robustness.
-
- Starting out
- Posts: 19
- Joined: Thu Apr 22, 2021 6:22 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
phr34k, I have used Paxful in the past for Bitcoin, it seemed straightforward enough
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Good luck.. that is not QNAP's first crypto malware attack rodeo ... and they are still around
McBride wrote: ↑Fri Apr 23, 2021 4:50 am
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer look into something like this. Why? Because I am angry.
https://www.zdnet.com/article/cisa-says ... h-malware/
https://www.bleepingcomputer.com/news/s ... s-devices/
etc