Like many on here I love my music. Over the years I have collected over 700 LP's and nearly 200 CD's (and growing). The problem with that is…space. Where to put them all. I have the LP's in an alcove cupboard, the CD's in racks in the opposite alcove and on two floor standing carousels. But, not wishing to be classed as a dinasaur, about five years ago I set about transferring all of my CD's to digital format burning them onto iTunes, which meant I could also access them to play through my Sonos speakers dotted about the house. I bought a two bay QNAP NAS holding in total 12TB and transferred my iTunes onto that. Some three cd burners and months and months of burning later it was done and for about five years it has worked a treat and now with the likes of Apple Music and Spotify and downloading in general being the way music is going, my other half decided on two things…she wants the lounge re-imagined after 20 years, and she was fed-up with all these CD's and as we had access to them digitally, the CD's had to go. Anything for a peacful life I gave in, but was adamant I would not 'get rid' of the CD's as everyone I have spoken to about it said I should, but store them in the loft. Just after Christmas, I burned a few newly aquired CD's as normal. Two days later I went into iTunes to access one of the albums and saw that randome tracks were missing…funny. I then went to access an old album and again randome tracks were missing. I checked my NAS but all the tracks of the said albums were there. Then I noticed it… The tracks that were on my NAS but not on iTunes had a strange symbol next to them, as opposed to the album cover artwork as normal and instead of M4a or whatever the prefix '7z' then sat at the top of the track listing was a 'read me' file which had never been there before. Upon opening it it said this… !!! ALL YOUR FILES HAVE BEEN ENCRYPTED !!! All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a \*\*\*\*\*\*\* payment. I have spoken to QNAP who said 'you've been hacked'…no s\*\*t Sherlock! Have been trying to restore back using the Qrescue and a thing called photorec to before, but to no avail. I have protection and I use a VPN and DO NOT go onto dodgy sites..at 63 I can't be arsed. I spend most of my computer time on here, YouTube or BBC News. So, I will have to get them all down from the loft and spend months burning all my CD's yet again. We work hard for what we have and some scum sucking pond life thinks for doing that we are mugs, and so have the have the right to take it away. If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. Rant over.

@"Pompeyexile"#p8614 Very sorry to hear this. I can imagine what you must be going through. Paying the ransom is one thing and decrypting is a pain with no guarantee you can restore to the original set up. This has been the general experience within my known circle. Sorry to pour some fuel to the issue? Would you mind explaining your network set up please ? @"DavecUK"#1 I think we should create a sub-category where we can push smart stuffs, computers, security, etc to that. Hope it makes sense. 😊

@"Pompeyexile"#p8614 is your NAS stored remotely and permanently connected on the internet or is your NAS part of your local network?

> @"Pompeyexile"#p8614 If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. With you on that🤬…..hope you can get it sorted without too much pain.

Considering the attack, probably connected to the internet unless got inflected with offline patches. I won’t speculate.

Thanks for your responses. I am as we say from Pompey a complete DOUGHNUT when it comes to computers. I manage to scrape by and as long as I have details simple to follow instructions then fine, if not, I am scuppered. This is the issue I am having with QNAP at the moment. They have sent me instructions on how to hopefully recover but when a screen shot they show doesn't match what I am seeing on my computer then I'm stuffed. So, please bare with me if I do not give the answers you expect, it's probably because I have no idea either what you are talking about, or how to find the information you require. To sum that up, I am a plug and play guy and if it doesn't play after plugging it in…. I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down, but now I'm not so sure that has happened. So, I my NAS is connected directly to my router but my laptop says the BT network is a private network. My setup… QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. I use an add blocker too and every day at least twice a day I use CCleaner to get rid of trackers etc.

> @"Pompeyexile"#p8624 To sum that up, I am a plug and play guy and if it doesn’t play after plugging it in…. I was thinking of suggesting a network isolation, keeping things on your local network and so on. I think you are smart enough to figure out, but it’s better to keep things simple for your type. > @"Pompeyexile"#p8624 I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down Is the back up clean or is that also affected? Does your back up keeps versioning so that you can restore from a clean version.? > @"Pompeyexile"#p8624 QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. * it’s all internet facing as I thought it will be * Does your computer connect the NAS through VPN? * How do you access the NAS ? Is it via the computer as a network attached device ? * What firewall - router do you have ? * Are you able to access your NAS directly without the laptop? I think this is what you should do as a first step - take it off the net, access offline and restore. You are going to require a firewall before you connect your devices (modem —> firewall —> router —> devices). This can be done once you fix the hacked NAS. Please do not reconnect it on the net once you fix the NAS. We will look into how to make it simpler for you. I suspect you may require plenty of help. You may also go [here](https://www.snbforums.com/) and post for help.

@"Pompeyexile"#p8624 - so by the sounds of it, your NAS is connected locally. Which means, if I understand correctly, your local network got hacked, somehow. That is really bad, as, if I’m reading your post correctly, it could also been your computer, or any other device, as it’s connected to the same network. I might be wrong on this as I don’t know how your NAS setup works and whether it is exposed to the wide network. If I were you, I’d consider reviewing your router for vulnerabilities. If configured properly, even if they grab hold of your IP address, they should only be able to come in through a vulnerability or by spoofing something from inside as @"LMSC"#16 aludes to.

@"Pompeyexile"#p8624 Please see [this](https://www.snbforums.com/threads/ts-453d-questions.76915/#post-742371) thread.

@"LMSC"#p8630 - looks like a vulnerability on the NAS setup then. Not as bad as I thought, thankfully. That’s a good thing, in a way.

@"MediumRoastSteam"#p8631 Recent event, assuming it is the [same issue ](https://forum.qnap.com/viewtopic.php?f=45&t=164797)

Hacked off with Hackers

DavecUK

LMSC @DavecUK I think we should create a sub-category where we can push smart stuffs, computers, security, etc to that. Hope it makes sense. 😊

The Computers & IT category is now created…

A lot of NAS systems think you want to remotely access your files and that may have been enabled by default, with something like the admin admin password, or even supporting anonymous login, …as people rarely change it

LMSC

DavecUK Thx Dave.

Exactly. Most of them are enabled by default. Must install the Security Controller for QNAP. It isn’t by default.

LMSC

I would also recommend that get everything off the net until you sort this out. You use your smartphone and the data from the mobile service provider for your daily use temporarily. Please go to that URL I provided. Most of those guys there are seasoned and internet security hardened prosumers. You will get plenty of experts’ help to fix your problems. Please keep us posted and reach for any assistance.

You seem to have a decent security enabled on your PC. Hope it is insulated.

Pompeyexile

Thank you so much for your advice, help and questions. I will need some time to go through it and hopefully find some answers so please do not think I am ignoring your advice/questions…I’m just a bit slow when it comes to much of this and may well (probably) be back with some stupid questions.

Alpesh

I don’t have a QNAP but been using Synology since 2010. They will be very similar but a few tips I’ve had are to disable the default admin account and create a new one and if you are going to be opening ports externally then don’t use the default ones as those are the ones hackers target most often. I just tend to remap to different port numbers.

LMSC

No worries mate! Please take your time. What ever you do, please disconnect all internet-facing devices that are connected to at least the same network.

tompoland

VPN doesn’t help much with security as such. A simple password is often an issue with hacker issues. Best to use a web browser plugin like lastpass to generate complex passwords. Spoken as someone who has been hacked.

DavecUK

tompoland Or Bitwarden which is free.

https://bitwarden.com/

dfk41

from my old days of using a NAS, you need to decide on the configuration for the Raid. I think Raid 2 means whatever you write to disk one, automatically transfers to disk 2. I used to be an avid collector of music back in the day, ripping anything and everything I could from all sources. That has all changed now with the advent of streaming.
So, I have a NAS which is largely redundant since I retired and do not need to store client files etc on. I play virtually all music over Youtube or Spotify. Once in a while I revisit my music collection since my smart tv picks up the NAS and it is a laugh. My advice to you is leave the music collection where it is and take advantage of the modern way. As annoying as it is, life is too short. That said, you do need to discover what happened in order to try and prevent it from happening again. Good luck matey!

Pompeyexile

Update… Having had some response from Qnap on how to retrieve my files I have had to buy a higher capacity external hard drive to connect to my NAS on which to hopefully put the restored files. It seems the old 2TB one I have is not big enough. So, I’ve got an 8TB WD MyBook which should be here tomorrow (Monday).

One very simple and daft question though…My NAS is connected directly to my BT home Hub router by a cable. Going into the router it shows it has a static IP address. In configuration I have UPnP turned off, yet in the firewall port forwarding section it shows UPnP ticked and if I click on the red cross, it asks if I want to remove the rules. Plus, being as thick as I am, I don’t understand why there are so many lines for my Nas showing.

So, is my NAS connecte to the internet or not? if it is how do I disconnect it and have it only connected to my local (home) network? My laptop connected to the internet does say Private Network.

Sorry for being such a dunce.

LMSC

Pompeyexile Happy to help, but my simple recommendation, which you won’t regret is:

Head here, join and post here

You are going to require potentially a lot of help to sort your NAS, firewall, network. The guys on that link are security conscious / hardened prosumers and professionals, who can provide QNAP specific advice.

Doram

Pompeyexile Update… Having had some response from Qnap on how to retrieve my files I have had to buy a higher capacity external hard drive to connect to my NAS on which to hopefully put the restored files. It seems the old 2TB one I have is not big enough. So, I’ve got an 8TB WD MyBook which should be here tomorrow (Monday).

Do you know by any chance how the hackers got in to your NAS? Do you think you did something silly like leaving the door open (not disabling the default or guest administrator account or choosing a very easy password, or not enabling basic security in some way), or did you do all the obvious things and got broken in by sophisticated professionals who could steal the crown jewels?

I have read the tread with interest (and some panic), and hoping I can learn from your experience so I don’t have the same problem on my Synology. I don’t have much more knowledge than you, so went to see the basic security reports that are build in to the NAS. I disabled the default admin when I first set up the NAS, and now I turned on the Firewall, enabled auto-block for too many failed log-in attempts and enabled Denial-of-service protection. When I run the built-in security report everything looks dandy. I also added two-factor verification for the administrator account as a result of reading this thread - but is this enough?

I see suggestions here to not connect the NAS to the internet, but not sure exactly what this means. I access my files, share photos with family and use UPnP to play music over the internet from the NAS - that is part of the point of having it, is it not? By doing this, am I inviting hackers in to hack me with ransomware, or does the advise to disconnect from the internet means something else? Would love to know if I am reasonably protected or not.

Pompeyexile

LMSC Happy to help, but my simple recommendation, which you won’t regret is:

Head here, join and post here

Posted my problem…finger’s crossed.

Pompeyexile

Cheers LMSC will do.

LMSC

Pompeyexile See you there! 😊

Pompeyexile

I’ll hold my hands up and be totally honest, they probably got in because I am about as computer savvy as I am about Nuclear Physics, and considering I had trouble getting a grade D in CSE maths, that will give you a clue.

I didn’t know at the time that using admin access was a no no. I thought I was clever with the password but obviously not. I naively thought that buying a 2 bay NAS that what you put on one was automatically backed up to the other. I thought that was secure….but I now know it is not and I need another external drive to back up to.

Like you, I also sometimes access my music via a Sonos app on my phone to stream music around my house and I don’t know if that is done by UPnP or not… in fact, I didn’t and still don’t have a Scooby what UPnP is. People mention about port forwarding… they may as well be speaking Japanese to me as it means nowt.

I’m told don’t have the NAS connected to the internet… well all I know is that it is connected with a cable to my BT router… is that connected to the internet? I just don’t know.

So, as LMSC has suggested I have joined the SNB forum and will ask all my daft questions there and hope thay can guide me to a solution that means I can have it all back as it was, but also protected from the tw*ts who did this too me.

Sorry I couldn’t been more help…now, if you’d asked me about a good recipe for ginger cake… I’m your man.

DavecUK

Pompeyexile A lot of modern NAS systems assume you want to access your files when you are away from home. They also implement front-end web servers and other things. It’s often very difficult to understand when you are enabling all these great features, and usually they are turned off by default. If your NAS is connected to a router it’s potentially connected to the internet if port 8080 is opened plus some others, and also if you have enabled the web services or the web interface or remote access to your files.

Doram

Pompeyexile Sorry I couldn’t been more help…now, if you’d asked me about a good recipe for ginger cake… I’m your man.

Hahaha, I also thought about sourdough when I read your message. I can say UPnP (because the app I use to play music over the Wi-Fi is called Bubble UPnP; but do I actually know what it means? I won’t even pretend). So I think we might be in a similar boat, only yours has already sank and mine is still floating (for now).

It would have been reassuring to know that you left the default admin account active (or opened an admin account called “admin” with a password also “admin” [or “password” or “123456”]) - effectively inviting hackers in. Did you? If not, and you had a strong password, and firewall turned on, and no big red exclamation marks flashing when you turned the thing on, but still got hacked - then that is more worrying for the rest of us (or me, at least).

The redundancy (two hard drives mirroring each other with the same content) is something I do understand though (I think): it is a back up in case one of your drives fails for a technical reason (which is something that can happen). In this case, you have the content on your second drive, and you only need to replace the bad drive for the system to recover. This will not help, however, if the whole NAS burns in a fire, or if hackers go inside and maliciously attack your files. For this you need a real back up, preferably somewhere else, and even better if it’s not connected to the NAS (best if it’s not connected to anything, if you have really important files you can’t afford to lose).

Pompeyexile

DavecUK If your NAS is connected to a router it’s potentially connected to the internet if port 8080 is opened plus some others, and also if you have enabled the web services or the web interface or remote access to your files.

Well Dave, looking at the screen shot above port 8080 is at the top so I’m guessing I am connected to the internet. I disconnect the cable from the NAS to the router and found I couldn’t connect to the NAS via my laptop any more, so I guess that means it is connected tot the internet. Have to re-connect it to access my NAS when I do the recovery.

LMSC

Normally, Internet > Modem > Firewall > Router / Switch > Lan > VIrtual Lan

VLan1 - admin (denied access to every one) inc internet

Vlan 2 - trusted applications face internet

Vlan 3 - TVs and speakers need access to internet

Vlan 4 - Untrusted devices inc IOTs - denied internet access

Vlan 5 - can be critical apps are isolated and allowed internet access. You can have your NAS here or spin off a seperate LAN. Nas will be denied internet access. All Nas patches are done locally.

Vlan 5 can have access to NAS and the same for Vlan 3. But, Vlan3 can only read.

Unless the rules are enabled to deny internet access on the router, anything connected to the modem will get access.

I don’t have the need for Nas as I don’t store music, movies, etc. All are subscriptions. My music - whatever we have - backed up by one drive under family plan. I have a local back up should anything happen.

Judging at the firewall rules, the NAS has access to the net!

I haven’t used QNAP or Synology and hence the advise to go to the SNB!

« Previous Page Next Page »