As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

Synology NAS hacked, ransomware attack - what can I do?

ThirithThirith Registered User regular
edited July 17 in Help / Advice Forum
It seems that at some point during the last week my Synology NAS was hacked and everything on it was infected by the 0xxx ransomware virus.

Has this happened to anyone else here? What can I do to make sure that no more damage is done right now? And is there any way I can remove the virus from all the files, or are they pretty much lost?

Some additional information:
  • I thought that I always installed Synology updates when they came up... but perhaps I was wrong in this respect. :-/
  • I've deactivated Quick Connect on the NAS and I've made sure that there's no active port forwarding on the router linked to the NAS' network address.
  • For now the NAS is switched off.

webp-net-resizeimage.jpg
"Nothing is gonna save us forever but a lot of things can save us today." - Night in the Woods
Thirith on

Posts

  • Zilla360Zilla360 21st Century. |She/Her| Surreal. Immersive. Earth.Registered User regular
    All of the files on your NAS will be RSA 2048 encrypted, at a bare minimum, and if their key is even longer, you've got very little chance of getting any of those files back, I'm afraid. You should consider all data on the NAS as lost. :(
    Paying the ransom just paints a bigger target on your back amongst these scumbags, you will be seen as a 'soft target'. Whatever you choose to do, make sure that all of your future interactions with the device happen *offline* whilst it's infected.

    This site should give you some useful hints as to the exact method of encryption used:

    https://id-ransomware.malwarehunterteam.com/index.php

    NH844lc.png | PSN | GACSALB.jpg My Blog |🏳️‍⚧️♥️
  • ThirithThirith Registered User regular
    Cheers, that definitely helps to begin with. I think I've already resigned myself to all the data being lost.

    webp-net-resizeimage.jpg
    "Nothing is gonna save us forever but a lot of things can save us today." - Night in the Woods
  • HevachHevach Registered User regular
    edited July 17
    Kapersky has a edit: apparently now a whole series of tools that can try to crack a .0xxx file, you can feed it something inert like a .txt file and give it a shot, but it's a long shot.

    https://noransom.kaspersky.com/

    Hevach on
    SiskaZilla360
  • ThirithThirith Registered User regular
    Cheers - there's nothing there yet, but I might just shelve the NAS for a few months and then check back.

    webp-net-resizeimage.jpg
    "Nothing is gonna save us forever but a lot of things can save us today." - Night in the Woods
Sign In or Register to comment.