
I own a Mycloud NAS and it was affected by ransomware.

In the NAS there are several folders; most of them are password protected. There is also the "Public" folder, which can be seen by all users and contains family photos, movies, etc. Until now this "Public" folder is the only one affected.

  1. Can I download the unaffected folders on my laptop, reset the NAS and then restore the data? How can I be sure that the ransomware is not hidden in these folders?
  2. Can the ransomware spread from the NAS to our devices if the devices are connected to the same wifi network?
  3. If ransomware gets on my laptop and I'm doing online banking, are my bank data in danger?
  4. Can I just remove the ransomware and avoid the reset of the NAS? I've done a scan with the app "Anti-Virus Essentials" but it found nothing. I couldn't find Norton solutions for the Mycloud NAS.
  5. I'm connecting to the NAS from my Linux Laptop with an NFS connection. Can the ransomware use this connection to affect my laptop?
schroeder
Daniele F.
  • What makes you think the NAS is infected? It could be any of the client computers having access to the public folder. – Esa Jokinen Mar 17 '19 at 20:29
  • @EsaJokinen You're right, I have not thought about that. So does it mean I have to reset all the devices that have a connection to the Public folder and the NAS to remove the ransomware? Or is there a way to locate the affected device, i.e. the android phone from which I'm writing now? – Daniele F. Mar 17 '19 at 20:38
  • I would isolate every device until the infected device is located. Could be one or multiple. If there's any logging on the NAS, I would try and investigate whether there are any traces of the culprit. – Esa Jokinen Mar 17 '19 at 20:41
  • @EsaJokinen I thought the NAS is the affected device because it's the only device with encrypted files (until now) – Daniele F. Mar 17 '19 at 20:57
  • Does the public folder allow anonymous logins while the others require credentials? Could it be someone just visiting your network? If the NAS was infected, wouldn't all shares be encrypted? – Esa Jokinen Mar 17 '19 at 20:59
  • I would: 1- Restore the cloud to a clean state. 2- Enable logging. 3- When it gets altered check the logs to find out where the infection came. 4- Make the folder private to avoid reinfection, restore it. 5- Antivir the infected client + patch it. 6- Patch (and optionally antivir) all the other clients. 7- Make the folder public again – bradbury9 Mar 18 '19 at 09:11
  • https://security.stackexchange.com/questions/138606/help-my-home-pc-has-been-infected-by-a-virus-what-do-i-do-now – CaffeineAddiction Aug 12 '19 at 20:43

1 Answer


It seems that someone was just visiting my network and no other device was affected. After having reset the NAS there are no problems anymore. Obviously I am not using public folders anymore.

Daniele F.