Last week, we were devastated by a ransomware attack. Because of some key errors on my part, as well as the QNAP’s Linux operating system requiring more expensive options for cloud backup, we didn’t have a robust backup and lost nearly everything.
QNAP’s malware cleaner identified the problem as the eCh0raix ransomware. A second lab that I sent files to identified it as QNAP.encrypter ransomware. The ransomware explicitly targets QNAP products, so I contacted QNAP, and they were no help at all. I contacted several data recovery companies, and they all told me that there was nothing we could do.
I did research on the ransomware and discovered what I suspected was a key flaw in how the ransomware operates. It encrypts the file and saves a copy with the “.encrypt” extension appended to the end of the file name, and then it deletes the unencrypted original file. Everything that I had read stated that decrypting the encrypted files was impossible, but I once had software that allowed me to undelete Windows files even after a disk format, so why wouldn’t the same be possible on a Linux system? Why try to decrypt a strongly encrypted file when you have an unencrypted file there just waiting to be recovered?
Since the two NAS servers (primary and backup) were RAID1 arrays, we had 4 copies of the entire system. We decided to see what could be done. We put three of the disks in the safe, and sent the other off to a friend who works in IT for a large company. He made a bit-for-bit copy, and then took that copy and tried to recover the deleted, unencrypted files.
He successfully recovered over 12,000 files. He recovered pictures, videos, Microsoft Office files, and PDFs. There were a few files that were infected and had to be destroyed. Some were damaged by being overwritten. He recovered more than 90% of what was on there.
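The post does not say which tool the friend used. As an added illustration (not from the original post), this Python sketch shows signature-based carving, one common way deleted files are pulled off a bit-for-bit image, and why they come back without names or directories. The function names `carve` and `build_sample_image` and the sample bytes are constructed for the example.

```python
import mmap
import os
import tempfile

# Header and footer byte signatures for two file types named in the post.
SIGNATURES = {"jpg": (b"\xff\xd8\xff", b"\xff\xd9"), "pdf": (b"%PDF-", b"%%EOF")}
MAX_SIZE = 32 * 1024 * 1024  # search window, so a lost footer cannot swallow the disk


def carve(image_path, out_dir):
    """Carve contiguous header..footer spans from a raw image opened read-only.
    Returns sorted (offset, kind, length); files are named by offset only."""
    found = []
    os.makedirs(out_dir, exist_ok=True)
    with open(image_path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as data:
        for kind, (header, footer) in SIGNATURES.items():
            pos = 0
            while (start := data.find(header, pos)) != -1:
                limit = min(start + MAX_SIZE, len(data))
                end = data.find(footer, start + len(header), limit)
                if end == -1:
                    # Header with no footer in range: tail overwritten or fragmented.
                    pos = start + 1
                    continue
                end += len(footer)
                with open(os.path.join(out_dir, f"{start:012d}.{kind}"), "wb") as out:
                    out.write(data[start:end])
                found.append((start, kind, end - start))
                pos = end
    return sorted(found)


def build_sample_image(path):
    """Constructed sample: free space holding one JPEG, one PDF, one clobbered JPEG."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 100 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n" + b"P" * 50 + b"\n%%EOF"
    clobbered = b"\xff\xd8\xff\xe0" + b"X" * 20  # footer lost to an overwrite
    with open(path, "wb") as f:
        f.write(b"\x00" * 512 + jpg + b"\x00" * 406 + pdf + b"\x00" * 447 + clobbered)
    return len(jpg), len(pdf)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        build_sample_image(image)
        for offset, kind, length in carve(image, os.path.join(tmp, "carved")):
            print(f"{kind} at offset {offset}, {length} bytes")
```

The sketch stops at the first footer it finds, so files with embedded thumbnails or incremental PDF updates would come out truncated; it is meant to show the principle, and it only ever reads the image copy.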
The hard drives. He says that there is no guarantee that the malware isn’t hidden somewhere on the drives to the point where even formatting won’t get rid of it, and with the low cost of HDD now, we are going to replace all of them with new, out of the box drives. The NAS is probably going as well. QNAP’s products are being targeted, and apathetic is the kindest thing I can say about them.
Everyone I talked to said it couldn’t be done. Our friend didn’t want payment, but we are giving him $500 for what work he did, even if I have to break into his car to hide it in the glovebox. We sent him a passport drive so he can put our recovered files on it. The directories were all lost, so we have some sorting and filing to do.
Now I do need advice from my readers. I am changing our file storage system here. I want to use a NAS for file storage but also backup. We are going to keep offline copies of everything through the use of periodic backups on disks that we will keep in the safe AND cloud backups. I want something that is easier to understand than having to do all of the workarounds that Linux requires and allows cloud backups at a lower cost than Linux. So here are my requirements:
1. Network drive with RAID capability
2. Capable of periodic updates for security
3. Capable of running Antivirus software that doesn’t cost an arm and a leg
4. Capable of automated cloud backups of either the entire drive, or selected directories
5. Cost less than $400 without hard drives
Does anyone know of such an animal?