22-04-2021, 07:51 PM
(Este mensaje fue modificado por última vez en: 22-04-2021, 08:48 PM por DonPeter.
Razón: .
)
Buenas, os dejo info del twitter de QNAP: https://twitter.com/QNAPEspana/status/13...8991011840
Además indicar que, si os ha entrado a alguno podéis intentar:
1. Do NOT REBOOt NAS , you can pass all steps if you already did
2. Connect nas over ssh
3. Use the command below to find if ransomware is in progress.
ps | grep 7z
4. If 7z is running, run command bellow
cd /usr/local/sbin; printf '#!/bin/sh \necho $@\necho $@>>/mnt/HDA_ROOT/7z.log\nsleep 60000' > 7z.sh; chmod +x 7z.sh; mv 7z 7z.bak; mv 7z.sh 7z;
5. Wait couple minutes use cat to grep encrypt key
cat /mnt/HDA_ROOT/7z.log
Looks like bellow
a -mx=0 -sdel -pmFyBIvp55M46kSxxxxxYv4EIhx7rlTD [FOLDER PATH]
mFyBIvp55M46kSxxxxxYv4EIhx7rlTD is decrypt password
6. Reboot nas and use mFyBIvp55M46kSxxxxxYv4EIhx7rlTD decrypt your files
Si lo veis complicado abrir un ticket desde service.qnap.com
Saludos!!
Además indicar que, si os ha entrado a alguno podéis intentar:
1. Do NOT REBOOt NAS , you can pass all steps if you already did
2. Connect nas over ssh
3. Use the command below to find if ransomware is in progress.
ps | grep 7z
4. If 7z is running, run command bellow
cd /usr/local/sbin; printf '#!/bin/sh \necho $@\necho $@>>/mnt/HDA_ROOT/7z.log\nsleep 60000' > 7z.sh; chmod +x 7z.sh; mv 7z 7z.bak; mv 7z.sh 7z;
5. Wait couple minutes use cat to grep encrypt key
cat /mnt/HDA_ROOT/7z.log
Looks like bellow
a -mx=0 -sdel -pmFyBIvp55M46kSxxxxxYv4EIhx7rlTD [FOLDER PATH]
mFyBIvp55M46kSxxxxxYv4EIhx7rlTD is decrypt password
6. Reboot nas and use mFyBIvp55M46kSxxxxxYv4EIhx7rlTD decrypt your files
Si lo veis complicado abrir un ticket desde service.qnap.com
Saludos!!