It seems that at some point during the last week my Synology NAS was hacked and everything on it was infected by the 0xxx ransomware virus.
Has this happened to anyone else here? What can I do to make sure that no more damage is done right now? And is there any way I can remove the virus from all the files, or are they pretty much lost?
Some additional information:
- I thought that I always installed Synology updates when they came up... but perhaps I was wrong in this respect. :-/
- I've deactivated Quick Connect on the NAS and I've made sure that there's no active port forwarding on the router linked to the NAS' network address.
- For now the NAS is switched off.
"Nothing is gonna save us forever but a lot of things can save us today." - Night in the Woods
Posts
Paying the ransom just paints a bigger target on your back amongst these scumbags; you will be seen as a 'soft target'. Whatever you choose to do, make sure that all of your future interactions with the device happen *offline* whilst it's infected.
This site should give you some useful hints as to the exact method of encryption used:
https://id-ransomware.malwarehunterteam.com/index.php
https://noransom.kaspersky.com/