Deadbolt- ARGHHHH!

I know that Deadbolt ransomware was a topic earlier in the year, but that thread is now closed.

I’ve not been in this forum for some time - more fool me - so I was quite unaware of this problem until it struck me today. I’ve spent the evening following the QNAP instructions for trying to deal with the problem, i.e. update firmware, reboot, run malware scan, reboot etc… but with only partial success in that while I seem to have got rid of the malware, I now only have about 50% of my music (though that said the size of the memory used seems consistent with what was there before).

I’m wondering whether only some of the files were attacked by the malware and those files have not been decrypted but just moved into quarantine by the malware remover? Or something like that?

I did have everything backed up on an external drive that was permanently connected with a weekly backup at midnight on Sunday. Is it at all possible that the malware may have infected those files? I am slightly wary of plugging that drive into my PC to look… For the moment I have unplugged the drive.

Assuming that the back-up drive is OK then I guess I could either copy those files back onto the current QNAP, or since it is 7 years old anyway it wouldn’t be the end of the world to just buy a new NAS drive.

Any suggestions - particularly on the likely condition of the back-up drive?

Thanks

OK - quick follow-up. I’ve now looked at some of the files on the server and I can see that some at least still have the .deadbolt extension…

I’m guessing it’s not as simple (! there are a lot of files!) as going through them one by one changing the file extension, so is copying back from the back-up disc the answer? The fact that not all the files on the QNAP have been affected encourages me to think that the back-up disc is OK.

Remove drives and reformat. I’d use a different device like a PC for this. Reinstall QTS and restore from backup.
Turn off UPnP on router, remove port forwarding.

1 Like
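A read-only way to check the backup before restoring from it, as an added example that is not part of any post in this thread: it walks a copy of the NAS share and the backup, flags any `.deadbolt` files that the weekly job carried onto the backup, and lists which encrypted NAS files have a clean original there. It assumes the extension is appended to the original file name; the function names and the demo directory layout are constructed for illustration.

```python
import os
import tempfile

EXT = ".deadbolt"  # extension reported in the thread

def triage(nas_root, backup_root):
    """Compare encrypted files on the NAS with the backup; reads only, changes nothing."""
    report = {"backup_encrypted": [], "restorable": [], "no_clean_copy": []}
    # 1. Any .deadbolt file on the backup means a backup run copied encrypted data.
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            if name.lower().endswith(EXT):
                rel = os.path.relpath(os.path.join(dirpath, name), backup_root)
                report["backup_encrypted"].append(rel)
    # 2. For each encrypted NAS file, look for the original name in the backup.
    for dirpath, _dirs, files in os.walk(nas_root):
        for name in files:
            if not name.lower().endswith(EXT):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), nas_root)
            original = rel[:-len(EXT)]  # assumption: suffix appended to original name
            if os.path.isfile(os.path.join(backup_root, original)):
                report["restorable"].append(original)
            else:
                report["no_clean_copy"].append(original)
    for key in report:
        report[key].sort()
    return report

def demo():
    """Build a small constructed tree (empty files) and run the triage on it."""
    with tempfile.TemporaryDirectory() as tmp:
        nas, bak = os.path.join(tmp, "nas"), os.path.join(tmp, "backup")
        layout = {
            nas: ["Music/a.flac.deadbolt", "Music/b.flac", "Music/c.flac.deadbolt"],
            bak: ["Music/a.flac", "Music/b.flac", "Music/d.flac.deadbolt"],
        }
        for root, paths in layout.items():
            for p in paths:
                full = os.path.join(root, p)
                os.makedirs(os.path.dirname(full), exist_ok=True)
                open(full, "wb").close()
        return triage(nas, bak)

if __name__ == "__main__":
    for key, paths in demo().items():
        print(key, len(paths), paths)
```

An empty `backup_encrypted` list with nothing under `no_clean_copy` means every encrypted file has an unencrypted counterpart on the backup; anything under `no_clean_copy` was never backed up in clean form.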

Thanks. Everything on the back-up looked OK so I have re-initialised, reformatted etc and am now in the middle of copying back 1.3TB. I estimate it should be finished in the early hours of tomorrow. Such a pain having to reload Minim Server and trying to remember how to do that (I forgot I also had to add Java apps…). So far so good, but if it all works smoothly without needing further tweaks it will be a miracle.

Meanwhile I am re-acquainting myself with my CDs…