Like many on here I love my music. Over the years I have collected over 700 LP's and nearly 200 CD's (and growing). The problem with that is…space. Where to put them all. I have the LP's in an alcove cupboard, the CD's in racks in the opposite alcove and on two floor standing carousels. But, not wishing to be classed as a dinasaur, about five years ago I set about transferring all of my CD's to digital format burning them onto iTunes, which meant I could also access them to play through my Sonos speakers dotted about the house. I bought a two bay QNAP NAS holding in total 12TB and transferred my iTunes onto that. Some three cd burners and months and months of burning later it was done and for about five years it has worked a treat and now with the likes of Apple Music and Spotify and downloading in general being the way music is going, my other half decided on two things…she wants the lounge re-imagined after 20 years, and she was fed-up with all these CD's and as we had access to them digitally, the CD's had to go. Anything for a peacful life I gave in, but was adamant I would not 'get rid' of the CD's as everyone I have spoken to about it said I should, but store them in the loft. Just after Christmas, I burned a few newly aquired CD's as normal. Two days later I went into iTunes to access one of the albums and saw that randome tracks were missing…funny. I then went to access an old album and again randome tracks were missing. I checked my NAS but all the tracks of the said albums were there. Then I noticed it… The tracks that were on my NAS but not on iTunes had a strange symbol next to them, as opposed to the album cover artwork as normal and instead of M4a or whatever the prefix '7z' then sat at the top of the track listing was a 'read me' file which had never been there before. Upon opening it it said this… !!! ALL YOUR FILES HAVE BEEN ENCRYPTED !!! All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a \*\*\*\*\*\*\* payment. I have spoken to QNAP who said 'you've been hacked'…no s\*\*t Sherlock! Have been trying to restore back using the Qrescue and a thing called photorec to before, but to no avail. I have protection and I use a VPN and DO NOT go onto dodgy sites..at 63 I can't be arsed. I spend most of my computer time on here, YouTube or BBC News. So, I will have to get them all down from the loft and spend months burning all my CD's yet again. We work hard for what we have and some scum sucking pond life thinks for doing that we are mugs, and so have the have the right to take it away. If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. Rant over.

@"Pompeyexile"#p8614 Very sorry to hear this. I can imagine what you must be going through. Paying the ransom is one thing and decrypting is a pain with no guarantee you can restore to the original set up. This has been the general experience within my known circle. Sorry to pour some fuel to the issue? Would you mind explaining your network set up please ? @"DavecUK"#1 I think we should create a sub-category where we can push smart stuffs, computers, security, etc to that. Hope it makes sense. 😊

@"Pompeyexile"#p8614 is your NAS stored remotely and permanently connected on the internet or is your NAS part of your local network?

> @"Pompeyexile"#p8614 If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. With you on that🤬…..hope you can get it sorted without too much pain.

Considering the attack, probably connected to the internet unless got inflected with offline patches. I won’t speculate.

Thanks for your responses. I am as we say from Pompey a complete DOUGHNUT when it comes to computers. I manage to scrape by and as long as I have details simple to follow instructions then fine, if not, I am scuppered. This is the issue I am having with QNAP at the moment. They have sent me instructions on how to hopefully recover but when a screen shot they show doesn't match what I am seeing on my computer then I'm stuffed. So, please bare with me if I do not give the answers you expect, it's probably because I have no idea either what you are talking about, or how to find the information you require. To sum that up, I am a plug and play guy and if it doesn't play after plugging it in…. I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down, but now I'm not so sure that has happened. So, I my NAS is connected directly to my router but my laptop says the BT network is a private network. My setup… QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. I use an add blocker too and every day at least twice a day I use CCleaner to get rid of trackers etc.

> @"Pompeyexile"#p8624 To sum that up, I am a plug and play guy and if it doesn’t play after plugging it in…. I was thinking of suggesting a network isolation, keeping things on your local network and so on. I think you are smart enough to figure out, but it’s better to keep things simple for your type. > @"Pompeyexile"#p8624 I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down Is the back up clean or is that also affected? Does your back up keeps versioning so that you can restore from a clean version.? > @"Pompeyexile"#p8624 QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. * it’s all internet facing as I thought it will be * Does your computer connect the NAS through VPN? * How do you access the NAS ? Is it via the computer as a network attached device ? * What firewall - router do you have ? * Are you able to access your NAS directly without the laptop? I think this is what you should do as a first step - take it off the net, access offline and restore. You are going to require a firewall before you connect your devices (modem —> firewall —> router —> devices). This can be done once you fix the hacked NAS. Please do not reconnect it on the net once you fix the NAS. We will look into how to make it simpler for you. I suspect you may require plenty of help. You may also go [here](https://www.snbforums.com/) and post for help.

@"Pompeyexile"#p8624 - so by the sounds of it, your NAS is connected locally. Which means, if I understand correctly, your local network got hacked, somehow. That is really bad, as, if I’m reading your post correctly, it could also been your computer, or any other device, as it’s connected to the same network. I might be wrong on this as I don’t know how your NAS setup works and whether it is exposed to the wide network. If I were you, I’d consider reviewing your router for vulnerabilities. If configured properly, even if they grab hold of your IP address, they should only be able to come in through a vulnerability or by spoofing something from inside as @"LMSC"#16 aludes to.

@"Pompeyexile"#p8624 Please see [this](https://www.snbforums.com/threads/ts-453d-questions.76915/#post-742371) thread.

@"LMSC"#p8630 - looks like a vulnerability on the NAS setup then. Not as bad as I thought, thankfully. That’s a good thing, in a way.

@"MediumRoastSteam"#p8631 Recent event, assuming it is the [same issue ](https://forum.qnap.com/viewtopic.php?f=45&t=164797)

Hacked off with Hackers

Pompeyexile

Doram So if the hackers didn’t guess the password - how did they get in? And more importantly - how do I keep them out of mine?

That is the very question I will be asking QNAP because without an answer, how do I prevent it from happening again?

LMSC

PhotoRec is the typical program QNAP would recommend to install, run and recover the Q-locker encrypted 7z files. It recovers and names the file in the same order numerically as they were stored on the source disk.

I am not sure how it would work if the files are fragmented and the risks of deleted files getting rewritten on the same sector as the deleted files. I’m sure, this is the program QNAP would have advised Pompeyexile to download and run.

Doram

LMSC If you want to up the security, consumer routers are not enough.

Well, it will have to do, because there is a limit to how much I am prepared to do to protect some old CD’s and the family photos. My best security approach is not having anything worth stealing. Worked nicely till now. If hackers ever steal my files for ransom, they will be wasting their time.

LMSC

Doram You have a mirror, back up and a security, which are happy. DW. If you get encrypted, tell them to **, wipe the system clean, reformat and restore.

CoffeePhilE

Doram So if the hackers didn’t guess the password - how did they get in

There is no certain answer to that, but there are several possibilities. It is certainly believed that the previous QNAP ramsomware attack was via a couple of issues with some QNAP software …. though I haven’t seen confirmation of that.

When all is said and done, there is NO WAY to completely protect a NAS from hacking, short of not having it connected to the internet, or to your LAN, if that is conected to the internet.

Short of that, there are things you can do to reduce risk. One is the VLAN scheme suggested above, but it is not a trivial thing for somewhat not comfortable with networking. The most obvious thing, as you’ve now realised, is to have a separate backup and to format the NAS and reload. Just be sure your backup is actually working first. Which is why, if the data matters, it’s best to have two or three copies in different places.

There are a couple of useful, practical steps. First, keep the NAS up to date. Keep an eye on the availability of OS/firmware updates in the NAS control panel. Keep it current. This is not a guarantee of success, but it cuts the odds down of them getting in.

Next, do a search on, say, Youtube, for QNAP and something like “securing your NAS”. There are a variety of configuration settings which, depending on how they’re set, make your box less or more secure. One example is turning off UPnP. Many hacks occur through an open ‘port’. UPnP is effectively like saying to the NAS, “hey, here’s all my keys, open whatever you like”. It is a convenient way of getting all sorts of things to work, but it is convenient at the cost of security. It’s like not botherig to lock your house’s doors or wondows, because it’s convenient for you to get in if you don’t. It’s convenient for burglars too.

Those videos will give you a list of settings to turn off, unless you really need them on. Do you, and do you absolutely have to, run a website on your NAS that people can access from outside? No? Make sure the Web Server is turned off. And so on. Lock all the NAS doors, unless you have a really good reason for leaving specific ones open.

Trouble is, unless you know what you’re doing, this is hard work, and confusing. There’s no way round that. It’s part of owning a NAS. It’s risk versus convenience. There is no easy answer. Some things can help, but require expertise. Some require time and effort (like those Youtube security videos). Others can help (better routers, firewalls, etc) but require money spent. Quite a bit of it.

One option is to have two NASs, but of different makes. Maybe one QNAP and one Synology. Odds are that ifa hacker gets into one, they won’t have a doorway into the other. Or one a home-brew TrueNAS built from an old PC. Back up one to another via RSync, and then back up one of those, to a USB disk. Or, back up to cloud services, though that is dependent on how much you have to back up. It can be very expensive (and slow) if daa volumes are high.

Backup always comes down to how much time, effort and money it is worth, to protect whatever data you are trying to protect.

Yes, using non-simple passwords, and restricting the admin account to a single local IP helps, as does (assuming your NAS supports it) setting up 2FA (two factor authentication). Also, turn on and configure notifications so you get alerted to some issues/attacks. If you haven’t already, run the QNAP Security Councellor app in the control panel. Try to decipher what it’s telling you.

But even all that won’t help if they get in via a buggy bit of software. Which is why you need to keep the OS, and all apps, patched and up to date.

Most of all, keep backups, and don’t have the drive(s) they’re on plugged in except when backing up. I’m a bit paranoid. When I’m going to do a major backup (how often depends on how fast your data changes, how important it is, etc) I physically turn my router off before plugging in the backup drive, and remove that drive after backing up, before turning the router back on.

And that helps, but still doesn’t guarantee I’m safe.

Why not? Consider this. A hacker gets in, plants some ransomware-type virus and sets a delay to activation. Weeks later, that bomb detonates, but by then, my external backup is corrupted too. It could happen. So keep the NAS antivirus up to date too, and run it.

I feel for you, pompeyexile. I really do. I’m pretty careful, and have a lifetime (first played with computers in, IIRC, 1967) in IT. I’m no networking or security expert, but I know enough to know I don’t know enough. I take precations and, as I said, am careful but have I missed something? Only time will tell.

Thankfully, now I’m retired, I don’t have any mission-critical data to protect. Getting clobbered would be a pain, but not a disaster. And, I take one more precaution. I have some “air-gapped” equipment. It isn’t EVER connected to a network that’s on an internet-connected network. There is no wifi on it, and no physical connection. But, I have the equipment to do it laying around anyway. Overkill for most people? Probably, yeah. But then, I do have two NASs, both with 4 or more 12TB drives. That’s a bleep-load of data to protect. ;)

DavecUK

CoffeePhilE I have 24 TB, 16 online and 8 offline for cold start.

LMSC

What is it you guys have ? That’s a truck load of data I do not even find in a larger enterprise. 😊

I reckon music and movies mostly. of course photos. We have some music and lots of photos. All are less than a TB. They are on one drive and local back up. Don’t care if I lose the music as we stopped buying music some 12-13 years ago. It’s all family subscription, which we find it convenient as we can listen unlimited music, watch as much as we like and so on. We moved on.

CoffeePhilE

It’s a variety of things. Photograhy is a major hobby of mine, and I’ve been into digital photography for a very long time, and had multiple flatbed and film scanners back to the days of Photoshop being a new product, and Micrografx Picture Publisher. Similarly, video, digitised video etc, and both were a service offered commerically. On top of that, a document-image library. But the thing take takes the biggest chunk is digital video production. It absolutely eats space. My little system is actually pretty modest in that context. Take a look at Linus Sebastin and his Petabyte video editing server.

DavecUK

CoffeePhilE Yup, video footage raw and edited takes up lots of space.

Pompeyexile

A quick update….I tried the recovery QNAP suggested and had to fork out on a new 8TB external hard drive. Plugged it in two days ago and set off the procedure. Yesterday it finally finished the recovery process…. ABSOLUTE RUBBISH!

After checking, it has only recovered random tracks not all those locked as 7Z by the hackers, so I am no better off and it looks like I will have to start again from scratch, get my 2000 CD’sdown from my loft and rip them onto a new clean iTunes and NAS drives. It will take me months!

I have reported to QNAP on the outcome, but I will not hold my breath.

So, once I do get a response from them I will begin again but before I do, I will clean all the data from my NAS and the new 8TB external hard drive. I will learn how to set up a local network only and put my NAS and backup on that. IT WILL NOT BE OPEN TO THE WEB! I will ensure there is the appropriate protection too.

Having said all that, who do I think I am kidding? Whilst I can do the CD ripping, I think I’ll have to get someone in to do the set up bit.

If I wasn’t of such a jolly disposition I could cry. But as they say, worse things happen at sea… or to be more current… at least I’m not living in the Ukraine.

Pompeyexile

Well, I’ve had a response from QNAP….

Good morning,
I am sorry to hear there was not much that was recovered. There is no other options that we have, maybe a data recovery specialist?

I guess you sometimes have to learn lessons the hard way.

LMSC

Pompeyexile Sorry to hear that mate. Hope you get it up and running.

You might ask a pointed question on the other forum, if they will give you a step-by-step instruction. But, it will be very hard unless some one understand your network, set up, devices, intent, etc. You will still have to do it yourself, even with such help.

I am not sure, how much it will cost you. Even if you get it done professionally, the upkeep and preventing it from another event are down to you. 😊

Pompeyexile

LMSC Even if you get it done professionally, the upkeep and preventing it from another event are down to you. 😊

I appreciate that LMSC but evertime I turned on my NAS it said it had scanned for malware and none was found, go figure. But the one thing I will make sure is that the NAS is NOT connected to the internet. I know once everything is deleted from the hard drives and all set back to factory settings, I can still set up the NAS using an ethernet cable connected directly from my laptop to the NAS without the need to connect to the internet and any updates for the NAS or apps can be downloaded to my PC and I can install them from there.

The only thing I cannot get my head round, (and this is where I am as thick as pudding) is once the ethernet cable is disconnected and I’m sitting in my kitchen with my laptop and my NAS is in situe in another room, How do I connect to it from my laptop or my Sonos app on my phone to my NAS where the iTunes will be, if it isn’t connected to the internet or my router?

No doubt if I can get a computer wizz who lives local to come in, they will sort that out.

LMSC

Pompeyexile

Given the extent of your integration with everything and all internet facing, the malware could be anywhere on any system on your network. That’s the reality and am sorry if you don’t like it! 😌

A professional will sort out and get you up and running. He/She can set up the way you want and give you a local connection to your NAS.

A few things, which I will be very particular even with a pro will be:

A full wipe of your NAS system - not a quick format. A look at CCleaner will give you an indication of this
A reformat after that
Your PC and NAS connected to each other - physically. Both of them off the internet
Installation from a media, checked for virus, malware and MD5 sum. Please google if you don’t know what an MD5 is.
Deny admin access, internet access, UPnP, remote, etc The other forum will give you the details. The dos and don’ts can be grabbed from elsewhere..
Run only the last known good version.

Prepare the job and shop around. 😊

DavecUK

You can connect your nas to your local network, just make sure the firewall isn’t letting thing access the NAS as a Server or Webserver from outside your network.

It’s quite likely the malware came in via another device on your network and when executed in the background went looking for stuff to encrypt. It got in because whenever you connect somewhere and download a file you later run, or open a file in an email, you may be opening an executable of some kind.

If a Virus is contained within an executable, that program needs to be run somehow….so the initial virus infection always has to have something run. The infection could be binary e.g. you need both bits..or single. The software runs and perhaps replaces a windows .DLL, pops a .com, or .exe file somewhere replacing another. Rootkits etc.. etc..

It’s quite possible the problem is still on your system, simply waiting for a certain program to be run again. e.g. a backup routine etc…The NAS got targeted, but it doesn’t mean that it had/has the virus on it, or it was the source of the infection getting in.

Scan all devices that connect to the network Android, Apple, Windows. Verify all the windows executables, do scans with 2 or more antivurus programs, do a deep scan. Look at any e-mails where you may have mistakenly opened an executable, thinking it was something else. Try and remember if anything odd happened.

Pompeyexile

Thanks for all your advice chaps it is very much appreciated and it will not be ignored but acted on. I guess numpties like me who are as about as computer literate as a feotus, are easy meat for the unscrupulous out there.

As I say, a lesson hard learned.

Pompeyexile

So, obviously not being prepared to pay the thieves who hacked my NAS and the restore instructions given to me by QNAP has not worked, I have accepted it is lost and therefore, completely restored my QNAP NAS back to factory settings and set it back up from scratch. I have again attached an external 8TB hard drive to it and set the NAS to Back-up to it once a week. I have re-installed iTunes and tested everything is working, in that I am able to rip from my PC a CD onto iTunes and also QMusic Station which sits on the NAS. I can also connect to it through the Sonos app that sits on my iPhone. All that remains is the very long job of ripping the remaining 1900 plus CD’s.

When I sign in to my NAS it is not as admin. I have a different log in and a password set up by NorPass. I have made sure that on my BT Hub router that my NAS is connected to, UPnP is turned off. On the NAS I have the Firewall and Security Counselor apps set up with Anti virus and Malware removal activated. I’ve been told to stop the hackers getting in again, to make sure my NAS is not connected to the internet. I have asked how do I do this and yet still have the ability to connect to it from my PC and my Sonos from my phone? Simple to follow instructions would be appreciated as I am just not very good at this.

On other thing I have noticed. Although I do not log into my NAS using admin, I have noticed if I turn off the read/write permissions for admin or disable admin, I cannot connect to the NAS or iTunes from my PC. Only when I turn the read/write permissions back on can I connect to it. Even though my log in user has read/write permissions ticked, it seems that my PC only recognises admin. I am very confused.

Once again thanks for all your advice and help.

LMSC

Pompeyexile Please see here for instructions

LMSC

Please watch this youtube video. It will help you.

Pompeyexile

I found that video LMSC but when I tried to do it as he instructed, for some reason my computer just would not connect to the NAS like his did. More frustrating, when I found the hacked issue and looked for a solution on the internet including Youtube, there was nothing. Only QNAP had a way of trying to recover the files using this thing called photorec, which of course it didn’t. Looking today on how disconnect the NAS from the internet but still able to connect to it from my laptop, on Youtube up came a video which explained in great detail step by step instructions on how to recover the encrypted files and it wasn’t using photorec. But of course, I have already wiped everything clean!

I will get there and again, thanks for all your help and advice.

LMSC

Pompeyexile If you have disabled port forwarding on your router, along with what you have already done, you should be able to see the NAS on the local network. It is always a good idea to assign a static IP address for NAS and use that address to configure access off your devices.

Again, check the QNAP forum; ask for a help on that forum; and, you will get help from those experienced QNAP users.

Again, mirror the settings on the QNAP assist.

« Previous Page Next Page »