FYI: All my files for CNC and Lightburn have been compromised by ransomeware.
I kept my files on a NAS drive(s) so I could have access to them from any PC.
None of my PC’s were affected only the nework drives back in mid January as I was out of the country for 2 months. Now that I wanted to get back into machining and burning… no files to be located. All files end in .7z.
eg. filename.nc.7z renaming them does not work, all files encrypted.
PC’s protected by Bitdefender but I guess not the NAS.
I have now installed a (bitdefender box) firewall with yearly subscription between my modem and the router. I am working with bitdefender and QNAP teams to see if something can be done.
Here is the example text in every folder. No files were saved on the PC’s, just all of them on my NAS, 3 of the 4 drives affected!
!!! ALL YOUR FILES HAVE BEEN ENCRYPTED !!!
All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a Bitcoin payment.
To purchase your key and decrypt your files, please follow these steps:
Dowload the Tor Browser at “https://www.torproject.org/”. If you need help, please Google for “access onion page”.
I’ve edited your post to remove the .onion link since it’s not pertinent to the discussion and I don’t want someone following a link to something that might lead them to similar issues.
I’m sorry that happened - NAS are a pretty common attack vector nowadays, especially since they commonly fall behind on firmware updates. QNAP especially had a big wave of attacks about 10 months ago. I hope you have some sort of backup of your data or find a way to recover it.
Interesting… this is what QNAP sent me:
and awaiting from the bitdefender team also, not trying anything yet.
What do you think?
Please prepare a USB drive 2-2.5x the size of used space.
Please follow this link :
XXXXXXXqnap.xx/en/how-to/tutorial/article/manually-install-qrescue-to-recover-qlocker-encrypted-files-on-qnap-nas
• Qrescue is using photorec which is a “deleted data” type recovery software so the way it works is that, when the hacker started to encrypt the data, what happens what it deleted the original data once it got encrypted assuming user had enough free space left, the “deleted” dat bits are actually still stored on the volume; actual data bit is still there, has not been overwritten yet, assuming nothing new was written or there was enough free space left over on the volume.
• Therefore, photorec will go scan those free blocks and try to recover the deleted original data
• if the data is important, You should go to professional data recovery, which will usually have a higher success rate.
• photorec is a free opensource data recovery software only
