Like many on here I love my music. Over the years I have collected over 700 LP's and nearly 200 CD's (and growing). The problem with that is…space. Where to put them all. I have the LP's in an alcove cupboard, the CD's in racks in the opposite alcove and on two floor standing carousels. But, not wishing to be classed as a dinasaur, about five years ago I set about transferring all of my CD's to digital format burning them onto iTunes, which meant I could also access them to play through my Sonos speakers dotted about the house. I bought a two bay QNAP NAS holding in total 12TB and transferred my iTunes onto that. Some three cd burners and months and months of burning later it was done and for about five years it has worked a treat and now with the likes of Apple Music and Spotify and downloading in general being the way music is going, my other half decided on two things…she wants the lounge re-imagined after 20 years, and she was fed-up with all these CD's and as we had access to them digitally, the CD's had to go. Anything for a peacful life I gave in, but was adamant I would not 'get rid' of the CD's as everyone I have spoken to about it said I should, but store them in the loft. Just after Christmas, I burned a few newly aquired CD's as normal. Two days later I went into iTunes to access one of the albums and saw that randome tracks were missing…funny. I then went to access an old album and again randome tracks were missing. I checked my NAS but all the tracks of the said albums were there. Then I noticed it… The tracks that were on my NAS but not on iTunes had a strange symbol next to them, as opposed to the album cover artwork as normal and instead of M4a or whatever the prefix '7z' then sat at the top of the track listing was a 'read me' file which had never been there before. Upon opening it it said this… !!! ALL YOUR FILES HAVE BEEN ENCRYPTED !!! All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a \*\*\*\*\*\*\* payment. I have spoken to QNAP who said 'you've been hacked'…no s\*\*t Sherlock! Have been trying to restore back using the Qrescue and a thing called photorec to before, but to no avail. I have protection and I use a VPN and DO NOT go onto dodgy sites..at 63 I can't be arsed. I spend most of my computer time on here, YouTube or BBC News. So, I will have to get them all down from the loft and spend months burning all my CD's yet again. We work hard for what we have and some scum sucking pond life thinks for doing that we are mugs, and so have the have the right to take it away. If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. Rant over.

@"Pompeyexile"#p8614 Very sorry to hear this. I can imagine what you must be going through. Paying the ransom is one thing and decrypting is a pain with no guarantee you can restore to the original set up. This has been the general experience within my known circle. Sorry to pour some fuel to the issue? Would you mind explaining your network set up please ? @"DavecUK"#1 I think we should create a sub-category where we can push smart stuffs, computers, security, etc to that. Hope it makes sense. 😊

@"Pompeyexile"#p8614 is your NAS stored remotely and permanently connected on the internet or is your NAS part of your local network?

> @"Pompeyexile"#p8614 If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. With you on that🤬…..hope you can get it sorted without too much pain.

Considering the attack, probably connected to the internet unless got inflected with offline patches. I won’t speculate.

Thanks for your responses. I am as we say from Pompey a complete DOUGHNUT when it comes to computers. I manage to scrape by and as long as I have details simple to follow instructions then fine, if not, I am scuppered. This is the issue I am having with QNAP at the moment. They have sent me instructions on how to hopefully recover but when a screen shot they show doesn't match what I am seeing on my computer then I'm stuffed. So, please bare with me if I do not give the answers you expect, it's probably because I have no idea either what you are talking about, or how to find the information you require. To sum that up, I am a plug and play guy and if it doesn't play after plugging it in…. I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down, but now I'm not so sure that has happened. So, I my NAS is connected directly to my router but my laptop says the BT network is a private network. My setup… QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. I use an add blocker too and every day at least twice a day I use CCleaner to get rid of trackers etc.

> @"Pompeyexile"#p8624 To sum that up, I am a plug and play guy and if it doesn’t play after plugging it in…. I was thinking of suggesting a network isolation, keeping things on your local network and so on. I think you are smart enough to figure out, but it’s better to keep things simple for your type. > @"Pompeyexile"#p8624 I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down Is the back up clean or is that also affected? Does your back up keeps versioning so that you can restore from a clean version.? > @"Pompeyexile"#p8624 QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. * it’s all internet facing as I thought it will be * Does your computer connect the NAS through VPN? * How do you access the NAS ? Is it via the computer as a network attached device ? * What firewall - router do you have ? * Are you able to access your NAS directly without the laptop? I think this is what you should do as a first step - take it off the net, access offline and restore. You are going to require a firewall before you connect your devices (modem —> firewall —> router —> devices). This can be done once you fix the hacked NAS. Please do not reconnect it on the net once you fix the NAS. We will look into how to make it simpler for you. I suspect you may require plenty of help. You may also go [here](https://www.snbforums.com/) and post for help.

@"Pompeyexile"#p8624 - so by the sounds of it, your NAS is connected locally. Which means, if I understand correctly, your local network got hacked, somehow. That is really bad, as, if I’m reading your post correctly, it could also been your computer, or any other device, as it’s connected to the same network. I might be wrong on this as I don’t know how your NAS setup works and whether it is exposed to the wide network. If I were you, I’d consider reviewing your router for vulnerabilities. If configured properly, even if they grab hold of your IP address, they should only be able to come in through a vulnerability or by spoofing something from inside as @"LMSC"#16 aludes to.

@"Pompeyexile"#p8624 Please see [this](https://www.snbforums.com/threads/ts-453d-questions.76915/#post-742371) thread.

@"LMSC"#p8630 - looks like a vulnerability on the NAS setup then. Not as bad as I thought, thankfully. That’s a good thing, in a way.

@"MediumRoastSteam"#p8631 Recent event, assuming it is the [same issue ](https://forum.qnap.com/viewtopic.php?f=45&t=164797)

Hacked off with Hackers

LMSC

What is it you guys have ? That’s a truck load of data I do not even find in a larger enterprise. 😊

I reckon music and movies mostly. of course photos. We have some music and lots of photos. All are less than a TB. They are on one drive and local back up. Don’t care if I lose the music as we stopped buying music some 12-13 years ago. It’s all family subscription, which we find it convenient as we can listen unlimited music, watch as much as we like and so on. We moved on.

CoffeePhilE

It’s a variety of things. Photograhy is a major hobby of mine, and I’ve been into digital photography for a very long time, and had multiple flatbed and film scanners back to the days of Photoshop being a new product, and Micrografx Picture Publisher. Similarly, video, digitised video etc, and both were a service offered commerically. On top of that, a document-image library. But the thing take takes the biggest chunk is digital video production. It absolutely eats space. My little system is actually pretty modest in that context. Take a look at Linus Sebastin and his Petabyte video editing server.

DavecUK

CoffeePhilE Yup, video footage raw and edited takes up lots of space.

Pompeyexile

A quick update….I tried the recovery QNAP suggested and had to fork out on a new 8TB external hard drive. Plugged it in two days ago and set off the procedure. Yesterday it finally finished the recovery process…. ABSOLUTE RUBBISH!

After checking, it has only recovered random tracks not all those locked as 7Z by the hackers, so I am no better off and it looks like I will have to start again from scratch, get my 2000 CD’sdown from my loft and rip them onto a new clean iTunes and NAS drives. It will take me months!

I have reported to QNAP on the outcome, but I will not hold my breath.

So, once I do get a response from them I will begin again but before I do, I will clean all the data from my NAS and the new 8TB external hard drive. I will learn how to set up a local network only and put my NAS and backup on that. IT WILL NOT BE OPEN TO THE WEB! I will ensure there is the appropriate protection too.

Having said all that, who do I think I am kidding? Whilst I can do the CD ripping, I think I’ll have to get someone in to do the set up bit.

If I wasn’t of such a jolly disposition I could cry. But as they say, worse things happen at sea… or to be more current… at least I’m not living in the Ukraine.

Pompeyexile

Well, I’ve had a response from QNAP….

Good morning,
I am sorry to hear there was not much that was recovered. There is no other options that we have, maybe a data recovery specialist?

I guess you sometimes have to learn lessons the hard way.

LMSC

Pompeyexile Sorry to hear that mate. Hope you get it up and running.

You might ask a pointed question on the other forum, if they will give you a step-by-step instruction. But, it will be very hard unless some one understand your network, set up, devices, intent, etc. You will still have to do it yourself, even with such help.

I am not sure, how much it will cost you. Even if you get it done professionally, the upkeep and preventing it from another event are down to you. 😊

Pompeyexile

LMSC Even if you get it done professionally, the upkeep and preventing it from another event are down to you. 😊

I appreciate that LMSC but evertime I turned on my NAS it said it had scanned for malware and none was found, go figure. But the one thing I will make sure is that the NAS is NOT connected to the internet. I know once everything is deleted from the hard drives and all set back to factory settings, I can still set up the NAS using an ethernet cable connected directly from my laptop to the NAS without the need to connect to the internet and any updates for the NAS or apps can be downloaded to my PC and I can install them from there.

The only thing I cannot get my head round, (and this is where I am as thick as pudding) is once the ethernet cable is disconnected and I’m sitting in my kitchen with my laptop and my NAS is in situe in another room, How do I connect to it from my laptop or my Sonos app on my phone to my NAS where the iTunes will be, if it isn’t connected to the internet or my router?

No doubt if I can get a computer wizz who lives local to come in, they will sort that out.

LMSC

Pompeyexile

Given the extent of your integration with everything and all internet facing, the malware could be anywhere on any system on your network. That’s the reality and am sorry if you don’t like it! 😌

A professional will sort out and get you up and running. He/She can set up the way you want and give you a local connection to your NAS.

A few things, which I will be very particular even with a pro will be:

A full wipe of your NAS system - not a quick format. A look at CCleaner will give you an indication of this
A reformat after that
Your PC and NAS connected to each other - physically. Both of them off the internet
Installation from a media, checked for virus, malware and MD5 sum. Please google if you don’t know what an MD5 is.
Deny admin access, internet access, UPnP, remote, etc The other forum will give you the details. The dos and don’ts can be grabbed from elsewhere..
Run only the last known good version.

Prepare the job and shop around. 😊

DavecUK

You can connect your nas to your local network, just make sure the firewall isn’t letting thing access the NAS as a Server or Webserver from outside your network.

It’s quite likely the malware came in via another device on your network and when executed in the background went looking for stuff to encrypt. It got in because whenever you connect somewhere and download a file you later run, or open a file in an email, you may be opening an executable of some kind.

If a Virus is contained within an executable, that program needs to be run somehow….so the initial virus infection always has to have something run. The infection could be binary e.g. you need both bits..or single. The software runs and perhaps replaces a windows .DLL, pops a .com, or .exe file somewhere replacing another. Rootkits etc.. etc..

It’s quite possible the problem is still on your system, simply waiting for a certain program to be run again. e.g. a backup routine etc…The NAS got targeted, but it doesn’t mean that it had/has the virus on it, or it was the source of the infection getting in.

Scan all devices that connect to the network Android, Apple, Windows. Verify all the windows executables, do scans with 2 or more antivurus programs, do a deep scan. Look at any e-mails where you may have mistakenly opened an executable, thinking it was something else. Try and remember if anything odd happened.

Pompeyexile

Thanks for all your advice chaps it is very much appreciated and it will not be ignored but acted on. I guess numpties like me who are as about as computer literate as a feotus, are easy meat for the unscrupulous out there.

As I say, a lesson hard learned.

Pompeyexile

So, obviously not being prepared to pay the thieves who hacked my NAS and the restore instructions given to me by QNAP has not worked, I have accepted it is lost and therefore, completely restored my QNAP NAS back to factory settings and set it back up from scratch. I have again attached an external 8TB hard drive to it and set the NAS to Back-up to it once a week. I have re-installed iTunes and tested everything is working, in that I am able to rip from my PC a CD onto iTunes and also QMusic Station which sits on the NAS. I can also connect to it through the Sonos app that sits on my iPhone. All that remains is the very long job of ripping the remaining 1900 plus CD’s.

When I sign in to my NAS it is not as admin. I have a different log in and a password set up by NorPass. I have made sure that on my BT Hub router that my NAS is connected to, UPnP is turned off. On the NAS I have the Firewall and Security Counselor apps set up with Anti virus and Malware removal activated. I’ve been told to stop the hackers getting in again, to make sure my NAS is not connected to the internet. I have asked how do I do this and yet still have the ability to connect to it from my PC and my Sonos from my phone? Simple to follow instructions would be appreciated as I am just not very good at this.

On other thing I have noticed. Although I do not log into my NAS using admin, I have noticed if I turn off the read/write permissions for admin or disable admin, I cannot connect to the NAS or iTunes from my PC. Only when I turn the read/write permissions back on can I connect to it. Even though my log in user has read/write permissions ticked, it seems that my PC only recognises admin. I am very confused.

Once again thanks for all your advice and help.

LMSC

Pompeyexile Please see here for instructions

LMSC

Please watch this youtube video. It will help you.

Pompeyexile

I found that video LMSC but when I tried to do it as he instructed, for some reason my computer just would not connect to the NAS like his did. More frustrating, when I found the hacked issue and looked for a solution on the internet including Youtube, there was nothing. Only QNAP had a way of trying to recover the files using this thing called photorec, which of course it didn’t. Looking today on how disconnect the NAS from the internet but still able to connect to it from my laptop, on Youtube up came a video which explained in great detail step by step instructions on how to recover the encrypted files and it wasn’t using photorec. But of course, I have already wiped everything clean!

I will get there and again, thanks for all your help and advice.

LMSC

Pompeyexile If you have disabled port forwarding on your router, along with what you have already done, you should be able to see the NAS on the local network. It is always a good idea to assign a static IP address for NAS and use that address to configure access off your devices.

Again, check the QNAP forum; ask for a help on that forum; and, you will get help from those experienced QNAP users.

Again, mirror the settings on the QNAP assist.

Pompeyexile

LMSC If you have disabled port forwarding on your router, along with what you have already done, you should be able to see the NAS on the local network. It is always a good idea to assign a static IP address for NAS and use that address to configure access off your devices.

I’ve done everything that has been suggested. Turned off UPnP and port forwarding on both my router and NAS. I have set up a new user with very strong password. I have given the NAS a static IP address. I have turned off automatic updating. I have loaded both QNAP’s Firewall and Security Anti-Virus apps. I have set up an 8TB external drive to the NAS and set the NAS to back up to that drive once a week.

The only part I am lost in is ‘you should be able to see the NAS on the local network’ my laptop says my BT wi-fi connection is ‘private network’ is that the same thing? Terminology is not my strong point.

Anyhow, I have posed my questions asking for a ste-by-step quide on how to do what I want on the QNAP helpdesk as you suggested and am waiting for thier reply.

I will get this sorted if it chuffin kills me!

I will not allow myself to be led by my family’s historic heraldic motto…

'If at first you don’t succeed…sod it'

Doram

Pompeyexile I will get this sorted if it chuffin kills me!

Might be a bit late for you, and you may have already seen it, but I think this video might describe the exact attack that happened on your Qnap (you are not alone to suffer from it), explains how it happened and tells how you can reduce the chances of it happening again:

If I understand correctly, the attack came via a vulnerability in the service that makes it easy for users to connect to their NAS over the internet (MyQNAPcloud on QNAP, and QuickConnect on Synology). It is very easy do disable this service, but it will make accessing the NAS less convenient.

The alternative that the video suggests is putting the NAS on a VPN, and then using the VPN to log onto it. I am familiar with this route, because I use VPN’s at work when I need to log onto services on clients’ networks (It has now became standard that all corporations require the use of VPN to access their services for security). Indeed it is less convenient to have to do that for a NAS.

It is always going to be a trade-off between security and convenience. Personally I think I will not stop using QuickConnect. Instead I will make sure that I have a backup of the important files off the NAS, and also use the other security measures that are not that inconvenient (reasonable passwords, firewall, update the OS and apps etc.). I hope mine won’t be broken into, and if it will happen - I will deal with it by recovering from my backup.

LMSC

Pompeyexile Private network is your BT connection; because, it is your internet. Windows will have a network discovery; if you have enabled it, clicking the network on MyPC will show the list of available networks for you to connect as long as you have enabled access in NAS. Another choice is setting up a network connection on your PC by configuring it using NAS’ static IP. The same in the case of iOS. I don’t have Mac.

DavecUK

Doram I still think the NAS should only be open the the private network and you should never be able to access a home NAS from the internet….or your home PC for that matter.

Doram

DavecUK Doram I still think the NAS should only be open the the private network and you should never be able to access a home NAS from the internet….or your home PC for that matter.

You may well be right, and I may well change my mind if I get bitten. It also depends on what you have on there and how keen you are to be secure. What I keep on my NAS is not that important. It won’t be fun to have to format the disks and copy everything from the backup, but it won’t be the end of the world for me. And for now I enjoy the ease and convenience that the family can share photos etc., so I think I can take this calculated risk. (but again, I reserve the right to change my mind if I get hit. :)).

DavecUK

Doram And for now I enjoy the ease and convenience that the family can share photos etc., so I think I can take this calculated risk. (but again, I reserve the right to change my mind if I get hit. :)).

Exactly the calculated risk…..I personally don’t have the need. If also you ensure there is no “backdoor” you leave open, such as enabling internet access, then using admin 123456 as a password or admin admin, anonymous login etc..It’s incredibly difficult for people to break in.

« Previous Page