Help - Technically minded folk

[Abdoulaye's Twin]

My Business NAS drive has been hit with Ransomware.

All the files on it are now locked and the NAS has synced with Onedrive and all the copies on there are now also locked. I've tried using version history on Onedrive but most files only seem to have 2 versions, both since the ransomware hit. Some files with more versions going back years seem to have all versions locked.

Any ideas?

It is a Qnap Nas and Onedrive Business

[Worthy4England]

There's not a range of "great" answers, unfortunately. If you're able to identify which ransomeware it is, there might be decrypt tool available on a site like no more ransom

[Abdoulaye's Twin]

Thanks. I've added that to the list of things to try!

Just to show how hopeless the authorities are to fight this sort of thing, I filled in a report to report the ransomware. One of the questions was about payment of the ransom and there wasn't an option for bitcoin or any other crypto currency. Paypal was the most technically advanced payment method they had

Edit - just had an email back and they're unable to count it as a crime. So next time Priti Patel tells you how ace she is at cutting crime, just remember that they've decided not to count them.

[Worthy4England]

If it's changed all your file extensions to (.7z) it reads like it's something called Qlocker...

[Worthy4England]

Also, if it is qlocker, there are possible ways round it and qnap tech support might help gratis...

[Abdoulaye's Twin]

If it's changed all your file extensions to (.7z) it reads like it's something called Qlocker...

It is Deadbolt. I'm currently waiting on Onedrive to roll back a week and see if that does the trick (currently 2% completed after a couple of hours). The stuff from Qnap hasn't helped so far, so will try the tools on No More Ransomware if the roll back doesn't work.

[Worthy4England]

There seems to be a decryption key for deadbolt...maybe not unless you've coughed up.

[Worthy4England]

https://www.qnap.com/en/how-to/faq/arti ... y-deadbolt

[Abdoulaye's Twin]

https://www.qnap.com/en/how-to/faq/arti ... y-deadbolt

I've done all that and the malware remover didn't remove anything!

[Worthy4England]

https://www.qnap.com/en/how-to/faq/arti ... y-deadbolt

I've done all that and the malware remover didn't remove anything!

Doh...

[Abdoulaye's Twin]

Thankfully I have managed to roll back Onedrive to a week ago. Means I've only lost a small amount of data and about 80% of that I can recreate with a few hours work. Fecking relieved I am!

Anyone with a QNAP Nas get it disconnected from the Interweb sharpish.

[Worthy4England]

Thankfully I have managed to roll back Onedrive to a week ago. Means I've only lost a small amount of data and about 80% of that I can recreate with a few hours work. Fecking relieved I am!

Anyone with a QNAP Nas get it disconnected from the Interweb sharpish.

Whew. And yes, hide the thing off Internet facing...

[Bruce Rioja]

Enfield. Anything to add?

[Gary the Enfield]

Enfield. Anything to add?

Well only have you tried switching it off and on again?

[Abdoulaye's Twin]

Enfield. Anything to add?

Well only have you tried switching it off and on again?

It is in the bin

[Abdoulaye's Twin]

Credit where it is due. The police have been excellent in following up with me and investigating it. My Nas drive was collected by the local police and taken over to Inverness and it is now in Glasgow with the cyber crime lot. They've been in touch several times to update me and ask questions about devices on my network. You often hear stories of them not attending a lower level crime, but they've put quite a few man/woman hours into it already.

[Worthy4England]

Credit where it is due. The police have been excellent in following up with me and investigating it. My Nas drive was collected by the local police and taken over to Inverness and it is now in Glasgow with the cyber crime lot. They've been in touch several times to update me and ask questions about devices on my network. You often hear stories of them not attending a lower level crime, but they've put quite a few man/woman hours into it already.

cyber leaves footprints...easier than chasing some random who nicked your 12 year old tent from your shed...