Ransomware NAS attack encountered, anyone know how to tackle this? Not my pc btw

Are the files actually gone or still on the NAS?

They're gone

>nas
>window
tha fuck?

Then you are fucked mate. If they have no backup pay up and hope you get your shit back if it's actually important. And tell them to spare themselves the money next time and keep up to date updates.

>Network Attached Storage
>Can't be accessed from Windows for reasons
Are you legit retarded?

Thanks i guess, i just don't want my falling into the wrong hands if you know what I mean

>Ransomware
kids, this is why you use the latest patches and bleeding edge software.

it read like he was using windows on his nas machine, which is the only way ransomware would affect it, and you recing to pay up and trust the files you get back are ok is what's retarded

If they already are on his server it's a little too late to worry about your files. Or are you talking about money? Either way if the files are actually gone I'm sorry to say there is nothing you can do.
You could try recovering the deleted files but there is absolutely no guarantee you'll recover anything.

>which is the only way ransomware would affect it
>Ransomware can't affect Linux systems
You wot? Do you even know what you are talking about? Just stop before you embarrass yourself further.

QNAP NAS? You're fucked.

Why?

if they are deleted, you can try to recover files if sectors were not overwritten.
Check this:
easeus.com/datarecoverywizard/recover-formatted-partition.htm
maybe something familiar will help you

show me one single verifiable case of ransomware for linux jackass

>show me one single verifiable case of ransomware for linux jackass
>Why would anyone ever target the most commonly used kernel for NAS and enterprise file servers?
You legit are clinically brain-dead. This conversation ends here. Please fuck back off to wherever you came from at the next convenient point in time.

Go find a trojan you can download use. Email the guy with "attached PDF of my payment screenshot" infected with your trojan. Recover your files and devastate his.

>my
kek you said it wasn't your computer faggot EXPOSED

Might actually be worth a try. Probably just some retarded skiddie on the other end it might just fucking work.

Grab Shadows, move em to an Ext, Format the PC then toss the Files back on. Would have to get done before the Shadows get updated/overwritten by their encrypted versions. Without Shadows, I'd say you're fucked. Not sure if your NAS even would make Shadow Copies.

Restore from backup.

This same thing hit my nas. There's a decryptor for older versions. It depends what file extension you got

like dropping your car keys in molten lava. they're gone

>something being popular means it's more exploitable

Use antivirus you colossal retards.

Or maybe, just maybe, have up to date backups and not execute big-cock-tranny-porn.jpg.mkv.bat.exe.bin as root.

> anyone know how to tackle this?
Yes, you had a backup OR you had disk snapshots / file versioning / ... preferably with no way to actually delete this from *especially* Windows and OSX in usual operation.

why are you guys saying you're getting this on your NAS? how would you even do that?

also OP, what did you open to get infected and what did it look like when it happened?

Old scam. Pretty weak. Might still work on the occasional noob. It's an executable disguised as a common text file. Completely harmless as long as you don't open it in notepad.

Antivirus has nothing to do with this at all.

It's a remote exploit for a linux NAS OS that is checked against unpatched vulnerabilities and then remotely exploited. If you think antivirus would help in a situation like that you're the colossal retard here.

Simple script really, check for network locations, try to encrypt all files, upload, remove after upload, create yourefugged:-DDD.txt, ???, profit.
But even that is beyond this board so why do I even bother explaining this?

This is the part where you post the evidence to your claims.

holy shit that's crazy. thank god i never bothered to set up nas. i just have disconnected usb drives for backups/large storage instead. it never did seem safe or worth it to me, i guess i ended up being right.

did op just have a really old outdated linux distro or is this some exploit going around affecting even regular users?

still on the nas - go and search there are ways to get the data back without paying - search ransomware recovery instructions

Please tell me you don't actually believe what that retard said do you?

If they are even halfway competent there is nothing left. I'm not saying that it's not worth trying but it's far from guaranteed success.

i don't really see what's so unbelievable to you. it's just some asshole scanning millions of IPs looking for an exploitable box. seems perfectly reasonable although i never heard of cases of it before until now.

about which part? i don't think attacker used linux to propagate ransomware since op is using windows 7 and it seems that he added nas as a network place or something but he's right about antiviruses. they're trash for the most part.

is OP ever going to explain what he did/didn't do specifically?

It's called basic fucking computing you retard

if you leave the door open to your password and the person logs in using your credentials, and sends shit to their server, tells it to encrypt itself and then tells you to fuck off, what exactly is antivirus going to detect? it's considered 'normal use' of the system because regular commands run by the administrator are being run.

if you create a batch file that deletes system32 antivirus generally isn't going to pick it up.

It isn't necessarily untrue or impossible, though I don't know if it happens in practice. If some NAS box you buy is exposed to the internet then whatever services are exposed can obviously get exploited if they have vulnerabilities or if the user is retarded with his credentials and an attacker simply gets access that way. These services which are exposed are also likely to have access to the files (since that's the whole point with a NAS), so you could definitely get fucked like that.

Or just have uBlock Origin, common sense, and upload every file you download to VirusTotal before opening it. Been using Win7 2009 ISO for 10 years no updates just fine. Also helps doing everything in a VM so your host OS doesn't get touched

OP left UPNP on / left ports open on a NAS device for remote access, and left old firmware on it that had vulnerabilities. Some russian using a script scanned his address range and discovered the NAS system on it and automatically ran scripts against it to exploit known vulnerabilities with old firmware to gain root access. This process is completely automated and OP was just caught in a sweep by leaving vulnerable equipment connected rawdog to the internet.

>it's much more likely Anon's NAS was exposed to the internet and got exploited by a random skiddie port scanning millions of IPs than user being a retard and executing a file he shouldn't have
The absolute state of this board.

It absolutely fucking is. You stupid piece of shit.

thehackernews.com/2019/07/ransomware-nas-devices.html

This specific exploit just started making rounds just recently, specifically targeting QNAP NAS devices connected rawdog to the internet.

It would be pretty retarded to deliver ransomware which specifically targets the NAS but somehow leaves the files on the computer it's actually running on untouched. Why the fuck would anyone implement ransomware like that?

OP likely has SSH turned on without any password set.

OP probably turned off all firewalls, left default SSH passwords/no password and didn't update his firmware.
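
The weak SSH settings guessed at in the last two posts (no password set, default passwords) can be checked for directly on a Linux-based NAS. The following is an added example, not part of the original thread: a small Python audit of an `sshd_config`, assuming upstream OpenSSH defaults (vendor NAS firmware may ship different ones) and constructed sample configs; the function names are hypothetical.

```python
import re

# Upstream OpenSSH defaults (assumption: vendor NAS builds may differ).
DEFAULTS = {
    "permitemptypasswords": "no",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def global_settings(config_text):
    """Parse the global section of an sshd_config (everything before the
    first Match block). sshd keeps the first value it sees for a keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":
            break
        if value:
            settings.setdefault(key, value)  # first occurrence wins
    return settings

def audit(config_text):
    """Return findings for the SSH weaknesses named in the thread."""
    s = {**DEFAULTS, **global_settings(config_text)}
    findings = []
    if s["permitemptypasswords"] == "yes":
        findings.append("PermitEmptyPasswords yes: empty-password accounts can log in")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root login is not restricted to keys")
    if s["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: default or guessed passwords work")
    return findings

# Constructed sample configs, not taken from any real device.
WEAK = ("# constructed sample\nPort 22\nPermitRootLogin yes\n"
        "PermitEmptyPasswords yes\nPermitEmptyPasswords no\n"
        "Match Address 192.168.0.0/16\n    PasswordAuthentication no\n")
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\nPermitEmptyPasswords no\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

In the weak sample the later `PermitEmptyPasswords no` does not help because the first value is the one sshd uses, and the `PasswordAuthentication no` inside the `Match` block applies only to matching LAN clients, not to connections from the internet.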