Qnap Ransomware
#33
(28-04-2021, 12:55 AM)monchang Wrote: I'm in the situation where, although I haven't rebooted as far as I know, I don't see the key in the log in Public. I've opened a ticket with QNAP and I don't know how this can be solved. I try to do correctly what it says over SSH, but the 7z.log it generates doesn't contain any key. This is new to me and it has overwhelmed me..... help..

/usr/local/sbin/7z.orig "t" "/share/CACHEDEV1_DATA/Public/RAMON/DOCUMENTACION/DNI/DNI.jpeg.7z"
/proc/26143:/bin/sh
Uid: 0 0 0 0
/proc/26142:/bin/sh
Uid: 0 0 0 0
/proc/26138:/home/httpd/cgi-bin/filemanager/utilRequest.cgi
Uid: 0 0 0 0
/proc/26137:/home/httpd/cgi-bin/filemanager/utilRequest.cgi
Uid: 0 0 0 0
/proc/17420:/mnt/ext/opt/apache/bin/apache
Uid: 0 0 0 0
/proc/13746:/mnt/ext/opt/apache/bin/apache
Uid: 0 0 0 0
/usr/local/sbin/7z.orig "x" "/share/CACHEDEV1_DATA/Public/RAMON/DOCUMENTACION/DNI/DNI.jpeg.7z" "-o/share/CACHEDEV1_DATA/Public/RAMON/DOCUMENTACION/DNI/.wfm_213295600" "-p" "-PF/tmp/wfm/wfm2_extract_status26138_percent" "-aoa"
/proc/26216:/bin/sh
Uid: 0 0 0 0
/proc/26215:/bin/sh
Uid: 0 0 0 0
/proc/26141:/home/httpd/cgi-bin/filemanager/utilRequest.cgi
Uid: 0 0 0 0
/usr/local/sbin/7z.orig "x" "-so" "./data.tar.7z"
/proc/27377:/bin/sh
Uid: 0 0 0 0
/proc/26841:/bin/sh
Uid: 0 0 0 0
/proc/26840:/bin/sh
Uid: 0 0 0 0
/proc/26734:/bin/sh
Uid: 0 0 0 0
/proc/26733:/bin/sh
Uid: 0 0 0 0
/proc/25631:/usr/local/sbin/qpkgd
Uid: 0 0 0 0
/proc/7368:/usr/local/sbin/qpkgd
Uid: 0 0 0 0
/usr/local/sbin/7z.orig "x" "-so" "./data.tar.7z"
/proc/27874:/bin/sh
Uid: 0 0 0 0
/proc/26841:/bin/sh
Uid: 0 0 0 0
/proc/26840:/bin/sh
Uid: 0 0 0 0
/proc/26734:/bin/sh
Uid: 0 0 0 0
/proc/26733:/bin/sh
Uid: 0 0 0 0
/proc/25631:/usr/local/sbin/qpkgd
Uid: 0 0 0 0
/proc/7368:/usr/local/sbin/qpkgd
Uid: 0 0 0 0

Hello monchang

I have put together a small guide or tutorial with quite a lot of information about the attack, all of it gathered from security forums and the QNAP forum. With it I simply aim to help; it explains why the 7z.log file may be empty. I should also tell you that if you have run the QNAP Malware tool on it, it moves the 7z.log to a different location. There is a way to recover the information, which is explained in the article; I hope it helps you.

https://blogdeanillas.wordpress.com/2021/04/26/qlocker-qnap-nas-ransomware-encrypting-with-extension-7z-read_me-txt/

If you need anything, don't hesitate to ask.
Regards.

(QNAP TVS-663)