Synology NAS hacked, ransomware attack - what can I do?
It seems that at some point during the last week my Synology NAS was hacked and everything on it was infected by the 0xxx ransomware virus.
Has this happened to anyone else here? What can I do to make sure that no more damage is done right now? And is there any way I can remove the virus from all the files, or are they pretty much lost?
Some additional information:
I thought that I always installed Synology updates when they came up... but perhaps I was wrong in this respect. :-/
I've deactivated Quick Connect on the NAS and I've made sure that there's no active port forwarding on the router linked to the NAS' network address.
For now the NAS is switched off.
"Nothing is gonna save us forever but a lot of things can save us today." - Night in the Woods
Thirith on
Zilla360 21st Century. |She/Her|Trans* Woman In Aviators Firing A Bazooka. ⚛️ Registered User regular
All of the files on your NAS will be RSA 2048 encrypted, at a bare minimum, and if their key is even longer, you've got very little chance of getting any of those files back, I'm afraid. You should consider all data on the NAS as lost.
Paying the ransom just paints a bigger target on your back amongst these scumbags, you will be seen as a 'soft target'. Whatever you choose to do, make sure that all of your future interactions with the device happen *offline* whilst it's infected.
This site should give you some useful hints as to the exact method of encryption used:
https://id-ransomware.malwarehunterteam.com/index.php
Kaspersky has a edit: apparently now a whole series of tools that can try to crack a .0xxx file, you can feed it something inert like a .txt file and give it a shot, but it's a long shot.
https://noransom.kaspersky.com/