Jump to content
XPEnology Community

Need help with ransomware on my xpenology nas


Recommended Posts

It happened to me unexpectedly. I was building mini pc for my kids so they could have some simple games to play on. After installing windows and first software I found that on C drive are some modified files and on my network location some new file had showed up next to xpenology icon. Dont remember exactly what was written after I had click on it,  I just remember an info that files are become crypted. I immediately turn of my pc and jump on my laptop to check what is going on. From there I went on network share/xpenology and I saw that that on my 2 drives and xpenoboot  pendrive  same files had appeared / after that I also shut it down. 

I read on the internet that my problem could cause KMSpico which really is a ransomware and somehow it spread over my home network. I  scan my laptop with malwarebytes antyrootkit, antyransomware, adwcleaner and EmsisoftEmergencyKit - everything was ok.    Now big question is what should I do with my nas???    Should I go on with this instruction synolocker ransomware-affecting dsm? Before I found this topic I was thinking about 2 other options.  First option is to take out all drives, put empty one, install dsm and scan hdd+ xpenoboot pendrive to remove or decrypt files with f.ex Hidden Tear BruteForcer. Afterwards put next drive and scan it/ after that another and another. Second option is to take out hdds, connect it to pc  and make a scan (but I dont know is it possible to do in windows because they are linux drives/ maybe with f.ex DiskInternals Linux Reader ). What do You suggest to do? I have dsm 5.2 and 8x 2-6tb drives (only couple of them have backup on external drives).

Edited by ruffpl
Link to comment
Share on other sites

I checked all drives and scaned them with a lot of anti mal/virus/rootkit programs. No threat detected but 2 shared folders are encrypted/ music videos with 400 iso dvd images and tv series with around 2000 hd video files :(.  I will have to move them to external drive and maybe one day there will be a way to decrypt them.

 

Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...