Hacker locked my shared volume

NAS: DS420+, DS220j
Operating system: Windows
Mobile operating system: Android
Hello. I'm not good at computer security science, so I opened QuickConnect and shared the ID and password. I don't have antivirus, I didn't update DSM, and finally somebody created shared volumes with a password which I can get if I pay bitcoins. I paid as the hacker asked me and he mounted the volumes as he promised, but to my bad luck I restarted my NAS devices and all my volume statuses changed to unmounted. Any advice will be greatly appreciated.
 
Welcome to the forum.

Sorry to hear this, but I have to say you are the 1st that has reported this method of exploit by a 3rd party.

The fact that you shared the ID and password and in return got hacked is unfortunate, but considering that the hacker didn't give you the encryption key for the mounted folders is another problem.

Considering that you have paid, can you ask for the key so that you can mount the volumes again?

Also, I would recommend wiping the NAS or at least replacing the QuickConnect address as well as any accounts (and passwords) in use.
 
This is one of my nightmares, and why I have 2 active backups running of my main NAS. I really need to learn how to isolate the backup devices, or air-gap them or something.
 
Any accounts you create and give to others should have read-only privileges. The only way I can see this happening without a known exploit is the account had write access or admin rights to the impacted shared folders. Securing your NAS is paramount to making sure this will hopefully never happen again.
 
Rule No. 1 after the storage system has been hacked: wipe the system to factory default. You don't know what the hacker left there. Otherwise, you will be constantly vulnerable.

Try to restore all possible backups.
But after reading this case, I would bet a few cents that Backup (real backup) does not exist. And if there is any, it's probably infected too, because control over the DSM has been taken over.
Maybe even older backups would break it. But I dare say that in this case it will not be a month old data state.
Unfortunately - it's over. Sad, but true.

Setting up NAS security is not like turning On/Off a drill. Without a well-protected network, it's only a small step to a better night's sleep. It is a complex science. Rules, rules, rules. Cloudflare, Secure DNS, DNSSEC, IPSec tunnel rather than SSL VPN, …
Many of them are also described in this forum.
 
I think all you can do is ask them for the keys to the volumes, or at the very least mount/unlock them again.

What was the scenario that led you to share your login details with someone else?
It was trusted people who were helping me, but they are the same noobs as me.
I sent the hacker several emails, but didn't receive any answer. Thank you for the recommendations.
 
