
It happened to me unexpectedly. I was building a mini PC for my kids so they could have some simple games to play on. After installing Windows and the first software, I found that there were some modified files on the C drive, and on my network location a new file had shown up next to the xpenology icon. I don't remember exactly what was written after I clicked on it; I just remember a message that the files had been encrypted. I immediately turned off my PC and jumped on my laptop to check what was going on. From there I went to the network share/xpenology and saw that the same files had appeared on my 2 drives and the xpenoboot pendrive. After that I shut it down as well.

I read on the internet that my problem could have been caused by KMSpico, which really is ransomware, and somehow it spread over my home network. I scanned my laptop with Malwarebytes Anti-Rootkit, Anti-Ransomware, AdwCleaner and Emsisoft Emergency Kit; everything was OK.

Now the big question is: what should I do with my NAS? Should I follow this instruction: synolocker ransomware-affecting dsm? Before I found this topic I was thinking about 2 other options. The first option is to take out all the drives, put in an empty one, install DSM and scan the HDD + xpenoboot pendrive to remove or decrypt the files with, for example, Hidden Tear BruteForcer. Afterwards, put in the next drive and scan it, and after that another and another. The second option is to take out the HDDs, connect them to a PC and run a scan (but I don't know if it is possible to do this in Windows because they are Linux drives; maybe with, for example, DiskInternals Linux Reader).

What do you suggest I do? I have DSM 5.2 and 8x 2-6 TB drives (only a couple of them have a backup on external drives).

Edited by ruffpl


I checked the xpenoboot pendrive on an old computer: it is GandCrab v 5.1, and the files got the .guzenwkbt-decrypt extension. Later I will try to clean it up...


I checked all the drives and scanned them with a lot of anti-malware/virus/rootkit programs. No threat was detected, but 2 shared folders are encrypted: music videos with 400 ISO DVD images and TV series with around 2000 HD video files :(. I will have to move them to an external drive, and maybe one day there will be a way to decrypt them.

 
