Author Topic: NAS files encrypted by ransomware  (Read 580 times)

LifesABeach

  • Calf
  • *
  • Posts: 2
NAS files encrypted by ransomware
« on: October 09, 2018, 10:22:37 pm »
I have a LinkStation (model 200 I believe) that has had its contents encrypted by a ransomware attack.

I need to know, short of paying the ransom, whether there is any way to decrypt the files using some commercial software or other tactic.  I've read about removing the drives from the NAS, installing them on my (windows) PC, and running some common decrypting software from the windows PC once the drives are recognized as local.

My issue is i) I'm not at all familiar with the XFS file system, and am concerned whether I'll be able to get this to work, and ii) I'd prefer not risking physical damage to the disks, given they contain information that I'd very much prefer to not lose.

If anyone has experienced a similar issue, I would very much like to know how they went about solving it.

Additional notes

1. The crypto algorithm used goes by the name LOCKME, and upon encrypting the data on the NAS, has renamed all the files to include a .LOCKME extension.

2. I am keenly aware that this problem was of my making. I won't get into the "hows" that led to this - but suffice it to say I've learned the lesson. Please do not reply with "you should never ..." responses. They just won't help. I know I screwed up, and don't need the lecture ... just the solution at this point would be very helpful indeed.

For what it's worth, the ransom is about three hundred and fifty US dollars. I doubt a commercial service would charge much less, but if there is a paid service that anyone is aware of that costs less, I'd be interested. At this point, I've almost accepted this is going to cost me something to resolve.

Many thanks

oxygen8

  • Buffalo
  • ***
  • Posts: 243
  • Giving you some breathing space.
Re: NAS files encrypted by ransomware
« Reply #1 on: October 10, 2018, 12:08:08 am »
your nas can not be infected.
your windows pc is the probelem
do not remove the drive from the nas

find a tool to clean your pc or reinstall it with a new windows
then find a tool to repair the files on your nas with this clean windows pc

this reads good

https://www.2-spyware.com/remove-lockme-ransomware.html#data-recovery
« Last Edit: October 10, 2018, 12:30:44 am by oxygen8 »

davo

  • Really Big Bull
  • VIP
  • *
  • Posts: 5931
Re: NAS files encrypted by ransomware
« Reply #2 on: October 10, 2018, 03:46:18 am »
I need to know, short of paying the ransom, whether there is any way to decrypt the files using some commercial software or other tactic.

Unfortunately not.
PM me for TFTP / Boot Images / Recovery files  LSRecovery.exe file.

Texturtle

  • Administrator
  • *****
  • Posts: 698
  • RAID is NOT a substitute for a good backup
Re: NAS files encrypted by ransomware
« Reply #3 on: October 10, 2018, 09:22:20 am »
It is unlikely that the NAS would be hit without affecting another system. Typically if data on NAS is encrypted by ransomware it's because the PC that got hit had a mapped drive on the NAS, and that mapping gave the ransomware a vector to hit that data. Typically in a ransomware attack your options are either pay the ransom or delete everything and restore from a backup.

LifesABeach

  • Calf
  • *
  • Posts: 2
Re: NAS files encrypted by ransomware
« Reply #4 on: October 10, 2018, 05:56:21 pm »
Thank you all for your responses.  You've confirmed what I feared.