Due to a vulnerability in QNap devices that apparently has yet to be fixed, ransomware is targeting them and Synology. So my qnap NAS, which has data going back roughly 20 years, has all been encrypted by eCh0raix. The majority of the data loss is an inconvenience, but the photos are not something I can just redownload. It also seems to target only certain file types. Most image files are encrypted but it ignored BMP. My AppGameKit files are untouched by DBA files are all encrypted, so there goes all my darkbasic code. My NAS wasn't suppose to be open to the internet, but I think it's internal media server might've opened a port I didn't know about. I've since blocked it from the router but I'm still not a happy camper this weekend. To my knowledge and web searches, the keys for this attack have not been discovered or released yet.
I'm backing up all the data, encrypted files included, and wiping the NAS. With any luck, my old buffalo nas is still intact and can recover a large majority of the data. I just gotta find it.
Encrypted files are roughly twice the size of the original, so that's not helping the backup process, I had to pickup a 4TB external yesterday. I started writing a powershell script to auto search for the original files and overwrite the encrypted ones, but have run into issues with that. I can still access the data through windows network share (using smb I think). But I'm not able to load the qnap web interface to login or ssh to the device. And many of the files on the nas will give an error stating the file doesn't exist if you try to do anything with it, even though I can open them from the current location. I can zip the file in place, move the zip, then unzip and that works so I think this is a windows bug. I have not attempted to reboot the NAS yet, I'm not sure what effect that would have on the existing data.