Like many on here I love my music. Over the years I have collected over 700 LP's and nearly 200 CD's (and growing). The problem with that is…space. Where to put them all. I have the LP's in an alcove cupboard, the CD's in racks in the opposite alcove and on two floor standing carousels. But, not wishing to be classed as a dinasaur, about five years ago I set about transferring all of my CD's to digital format burning them onto iTunes, which meant I could also access them to play through my Sonos speakers dotted about the house. I bought a two bay QNAP NAS holding in total 12TB and transferred my iTunes onto that. Some three cd burners and months and months of burning later it was done and for about five years it has worked a treat and now with the likes of Apple Music and Spotify and downloading in general being the way music is going, my other half decided on two things…she wants the lounge re-imagined after 20 years, and she was fed-up with all these CD's and as we had access to them digitally, the CD's had to go. Anything for a peacful life I gave in, but was adamant I would not 'get rid' of the CD's as everyone I have spoken to about it said I should, but store them in the loft. Just after Christmas, I burned a few newly aquired CD's as normal. Two days later I went into iTunes to access one of the albums and saw that randome tracks were missing…funny. I then went to access an old album and again randome tracks were missing. I checked my NAS but all the tracks of the said albums were there. Then I noticed it… The tracks that were on my NAS but not on iTunes had a strange symbol next to them, as opposed to the album cover artwork as normal and instead of M4a or whatever the prefix '7z' then sat at the top of the track listing was a 'read me' file which had never been there before. Upon opening it it said this… !!! ALL YOUR FILES HAVE BEEN ENCRYPTED !!! All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a \*\*\*\*\*\*\* payment. I have spoken to QNAP who said 'you've been hacked'…no s\*\*t Sherlock! Have been trying to restore back using the Qrescue and a thing called photorec to before, but to no avail. I have protection and I use a VPN and DO NOT go onto dodgy sites..at 63 I can't be arsed. I spend most of my computer time on here, YouTube or BBC News. So, I will have to get them all down from the loft and spend months burning all my CD's yet again. We work hard for what we have and some scum sucking pond life thinks for doing that we are mugs, and so have the have the right to take it away. If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. Rant over.

@"Pompeyexile"#p8614 Very sorry to hear this. I can imagine what you must be going through. Paying the ransom is one thing and decrypting is a pain with no guarantee you can restore to the original set up. This has been the general experience within my known circle. Sorry to pour some fuel to the issue? Would you mind explaining your network set up please ? @"DavecUK"#1 I think we should create a sub-category where we can push smart stuffs, computers, security, etc to that. Hope it makes sense. 😊

@"Pompeyexile"#p8614 is your NAS stored remotely and permanently connected on the internet or is your NAS part of your local network?

> @"Pompeyexile"#p8614 If there is any justce I just hope whichever dirty \*\*\* hole did this, has his or her underwear infested with a thousand lice, coupled with a sever case of thrush and a rotting of the flesh on thier fingers, nose and genetalia. With you on that🤬…..hope you can get it sorted without too much pain.

Considering the attack, probably connected to the internet unless got inflected with offline patches. I won’t speculate.

Thanks for your responses. I am as we say from Pompey a complete DOUGHNUT when it comes to computers. I manage to scrape by and as long as I have details simple to follow instructions then fine, if not, I am scuppered. This is the issue I am having with QNAP at the moment. They have sent me instructions on how to hopefully recover but when a screen shot they show doesn't match what I am seeing on my computer then I'm stuffed. So, please bare with me if I do not give the answers you expect, it's probably because I have no idea either what you are talking about, or how to find the information you require. To sum that up, I am a plug and play guy and if it doesn't play after plugging it in…. I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down, but now I'm not so sure that has happened. So, I my NAS is connected directly to my router but my laptop says the BT network is a private network. My setup… QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. I use an add blocker too and every day at least twice a day I use CCleaner to get rid of trackers etc.

> @"Pompeyexile"#p8624 To sum that up, I am a plug and play guy and if it doesn’t play after plugging it in…. I was thinking of suggesting a network isolation, keeping things on your local network and so on. I think you are smart enough to figure out, but it’s better to keep things simple for your type. > @"Pompeyexile"#p8624 I got a two bay NAS each 6 TB thinking that the iTunes would go onto one bay and then be automatically backed up to the other bay for safety in case the 1st bay went down Is the back up clean or is that also affected? Does your back up keeps versioning so that you can restore from a clean version.? > @"Pompeyexile"#p8624 QNAP NAS connected via ethernet cable to my BT router. I access it through my Dell laptop where I call up iTunes. iTunes is pointing at the files on the NAS so whenever I burn a CD to iTunes it automatically appears on the NAS. My laptop runs Windows 10 64 bit pro and has NordVPN and NordPass, I use Firefox and Duck Duck Go search engine. * it’s all internet facing as I thought it will be * Does your computer connect the NAS through VPN? * How do you access the NAS ? Is it via the computer as a network attached device ? * What firewall - router do you have ? * Are you able to access your NAS directly without the laptop? I think this is what you should do as a first step - take it off the net, access offline and restore. You are going to require a firewall before you connect your devices (modem —> firewall —> router —> devices). This can be done once you fix the hacked NAS. Please do not reconnect it on the net once you fix the NAS. We will look into how to make it simpler for you. I suspect you may require plenty of help. You may also go [here](https://www.snbforums.com/) and post for help.

@"Pompeyexile"#p8624 - so by the sounds of it, your NAS is connected locally. Which means, if I understand correctly, your local network got hacked, somehow. That is really bad, as, if I’m reading your post correctly, it could also been your computer, or any other device, as it’s connected to the same network. I might be wrong on this as I don’t know how your NAS setup works and whether it is exposed to the wide network. If I were you, I’d consider reviewing your router for vulnerabilities. If configured properly, even if they grab hold of your IP address, they should only be able to come in through a vulnerability or by spoofing something from inside as @"LMSC"#16 aludes to.

@"Pompeyexile"#p8624 Please see [this](https://www.snbforums.com/threads/ts-453d-questions.76915/#post-742371) thread.

@"LMSC"#p8630 - looks like a vulnerability on the NAS setup then. Not as bad as I thought, thankfully. That’s a good thing, in a way.

@"MediumRoastSteam"#p8631 Recent event, assuming it is the [same issue ](https://forum.qnap.com/viewtopic.php?f=45&t=164797)

Hacked off with Hackers

Pompeyexile

Thanks for all your advice chaps it is very much appreciated and it will not be ignored but acted on. I guess numpties like me who are as about as computer literate as a feotus, are easy meat for the unscrupulous out there.

As I say, a lesson hard learned.

Pompeyexile

So, obviously not being prepared to pay the thieves who hacked my NAS and the restore instructions given to me by QNAP has not worked, I have accepted it is lost and therefore, completely restored my QNAP NAS back to factory settings and set it back up from scratch. I have again attached an external 8TB hard drive to it and set the NAS to Back-up to it once a week. I have re-installed iTunes and tested everything is working, in that I am able to rip from my PC a CD onto iTunes and also QMusic Station which sits on the NAS. I can also connect to it through the Sonos app that sits on my iPhone. All that remains is the very long job of ripping the remaining 1900 plus CD’s.

When I sign in to my NAS it is not as admin. I have a different log in and a password set up by NorPass. I have made sure that on my BT Hub router that my NAS is connected to, UPnP is turned off. On the NAS I have the Firewall and Security Counselor apps set up with Anti virus and Malware removal activated. I’ve been told to stop the hackers getting in again, to make sure my NAS is not connected to the internet. I have asked how do I do this and yet still have the ability to connect to it from my PC and my Sonos from my phone? Simple to follow instructions would be appreciated as I am just not very good at this.

On other thing I have noticed. Although I do not log into my NAS using admin, I have noticed if I turn off the read/write permissions for admin or disable admin, I cannot connect to the NAS or iTunes from my PC. Only when I turn the read/write permissions back on can I connect to it. Even though my log in user has read/write permissions ticked, it seems that my PC only recognises admin. I am very confused.

Once again thanks for all your advice and help.

LMSC

Pompeyexile Please see here for instructions

LMSC

Please watch this youtube video. It will help you.

Pompeyexile

I found that video LMSC but when I tried to do it as he instructed, for some reason my computer just would not connect to the NAS like his did. More frustrating, when I found the hacked issue and looked for a solution on the internet including Youtube, there was nothing. Only QNAP had a way of trying to recover the files using this thing called photorec, which of course it didn’t. Looking today on how disconnect the NAS from the internet but still able to connect to it from my laptop, on Youtube up came a video which explained in great detail step by step instructions on how to recover the encrypted files and it wasn’t using photorec. But of course, I have already wiped everything clean!

I will get there and again, thanks for all your help and advice.

LMSC

Pompeyexile If you have disabled port forwarding on your router, along with what you have already done, you should be able to see the NAS on the local network. It is always a good idea to assign a static IP address for NAS and use that address to configure access off your devices.

Again, check the QNAP forum; ask for a help on that forum; and, you will get help from those experienced QNAP users.

Again, mirror the settings on the QNAP assist.

Pompeyexile

LMSC If you have disabled port forwarding on your router, along with what you have already done, you should be able to see the NAS on the local network. It is always a good idea to assign a static IP address for NAS and use that address to configure access off your devices.

I’ve done everything that has been suggested. Turned off UPnP and port forwarding on both my router and NAS. I have set up a new user with very strong password. I have given the NAS a static IP address. I have turned off automatic updating. I have loaded both QNAP’s Firewall and Security Anti-Virus apps. I have set up an 8TB external drive to the NAS and set the NAS to back up to that drive once a week.

The only part I am lost in is ‘you should be able to see the NAS on the local network’ my laptop says my BT wi-fi connection is ‘private network’ is that the same thing? Terminology is not my strong point.

Anyhow, I have posed my questions asking for a ste-by-step quide on how to do what I want on the QNAP helpdesk as you suggested and am waiting for thier reply.

I will get this sorted if it chuffin kills me!

I will not allow myself to be led by my family’s historic heraldic motto…

'If at first you don’t succeed…sod it'

Doram

Pompeyexile I will get this sorted if it chuffin kills me!

Might be a bit late for you, and you may have already seen it, but I think this video might describe the exact attack that happened on your Qnap (you are not alone to suffer from it), explains how it happened and tells how you can reduce the chances of it happening again:

If I understand correctly, the attack came via a vulnerability in the service that makes it easy for users to connect to their NAS over the internet (MyQNAPcloud on QNAP, and QuickConnect on Synology). It is very easy do disable this service, but it will make accessing the NAS less convenient.

The alternative that the video suggests is putting the NAS on a VPN, and then using the VPN to log onto it. I am familiar with this route, because I use VPN’s at work when I need to log onto services on clients’ networks (It has now became standard that all corporations require the use of VPN to access their services for security). Indeed it is less convenient to have to do that for a NAS.

It is always going to be a trade-off between security and convenience. Personally I think I will not stop using QuickConnect. Instead I will make sure that I have a backup of the important files off the NAS, and also use the other security measures that are not that inconvenient (reasonable passwords, firewall, update the OS and apps etc.). I hope mine won’t be broken into, and if it will happen - I will deal with it by recovering from my backup.

LMSC

Pompeyexile Private network is your BT connection; because, it is your internet. Windows will have a network discovery; if you have enabled it, clicking the network on MyPC will show the list of available networks for you to connect as long as you have enabled access in NAS. Another choice is setting up a network connection on your PC by configuring it using NAS’ static IP. The same in the case of iOS. I don’t have Mac.

DavecUK

Doram I still think the NAS should only be open the the private network and you should never be able to access a home NAS from the internet….or your home PC for that matter.

Doram

DavecUK Doram I still think the NAS should only be open the the private network and you should never be able to access a home NAS from the internet….or your home PC for that matter.

You may well be right, and I may well change my mind if I get bitten. It also depends on what you have on there and how keen you are to be secure. What I keep on my NAS is not that important. It won’t be fun to have to format the disks and copy everything from the backup, but it won’t be the end of the world for me. And for now I enjoy the ease and convenience that the family can share photos etc., so I think I can take this calculated risk. (but again, I reserve the right to change my mind if I get hit. :)).

DavecUK

Doram And for now I enjoy the ease and convenience that the family can share photos etc., so I think I can take this calculated risk. (but again, I reserve the right to change my mind if I get hit. :)).

Exactly the calculated risk…..I personally don’t have the need. If also you ensure there is no “backdoor” you leave open, such as enabling internet access, then using admin 123456 as a password or admin admin, anonymous login etc..It’s incredibly difficult for people to break in.

LMSC

I won’t know if your BT router / home hub will allow you to disable internet access selectively but allow LAN access to the NAS. Try the access control, which may disable the access completely.

If you can set a firewall rule, create one - new LAN entry with the MAC address of the NAS (not sure if there is one for the NAS as typically the wifi devices and camera will have addresses, try IPCONFIG/all); new firewall rule; source will be the LAN entry (if you can’t create a lan entry, then the static IP and see if you can add entries in MAC access control); Outbound - Deny and enabled; and, destination IP with the corresponding MAC address of the device, which require NAS added in the access control). One rule per device. This will restrict NAS outbound internet access but keep it locally. Please do not provide destination as Any. If you try to ping an external IP, the NAS shouldn’t get a reply.

You have to remember some one can still get in through the connected devices! 😊

Assuming, the NAS has line entries to restrict access to the devices.

Pompeyexile

The one thing this thread has proved to anyone who should want it, is this is the most friendly forum on the web. I can’t thank you all enough for your help and a special thanks to LMSC who must be pulling his hair out with my complete inability to understand how to action much of the advice given.

Pompeyexile

Well, at last it all seems to be sorted. Access, security the lot! At last I’ve been able to disable the admin account and set up a new one with very strong passwords from my NordPass password manager. It seems it wasn’t the NAS that was causing the problems but my inability to not just understand but even know what Window Credentials Manager was and the effect it had on setting up the NAS. All that’s left is for me to re-rip my 1900 plus music collection.

Thanks again for all your advice, help and pointing me in the right direction to sort this mess out.

LMSC

Pompeyexile Good to hear. I am glad you sorted it out. Stay safe. Please remember — back up, back up….

Pompeyexile

Don’t worry, I won’t be making that mistake again… Beeep!… Beeep!… Beeep!… Beep!

« Previous Page