I'm a grown man... and this attack has nearly brought me to tears. Once I recover my files, I'll have learned the biggest lesson in my life, lessons I thought I already knew, but I misunderstood how ransomware worked and it beat me.
First; I have to say you are a flipping genius!!! Thanks so much for the information. I have not been affected by this ransomware issue, but I'm super curious about your method to recover from it. I really appreciate how thorough you were in explaining everything. Lots of information to absorb, but you left nothing out, so thank you! This is not to diminish any of the awesomeness of your video - but rather to help others (myself included) make sure we have the necessary things setup beforehand, to be prepared. It turns out there are some things that need to be in place before your method will work. First; SFTP access needs to be enabled on the QNAP device (I had it turned off on mine). The setting can be found using the search icon (magnifying glass). Next; the SFTP access permissions need to be set to allow access by a particular user. Last; the whole process is 200% easier if you're using a Linux computer to access the QNAP. You can just skip past all of the Windows install craziness, since SFTP comes already installed in the Linux OS. Simply open a terminal window, type sftp [qnap_username]@[qnap_ip_addr] and you're in. Type your password, cd to the logs directory, and cat the 7z.log file. Done. The very last and final step would be to install Linux on your Windoze computer, and never look back. ;-)
Hi Vladi, thank you so much for your kind words. We are continuing to search for more solutions and are happy to help people by providing free solutions. Currently, we are working towards collating an article that raises awareness on ransomware hacking, and we are looking for participants to share their experience. Would you mind filling in a quick 1-minute survey to help with data-collecting and to understand the severity of this hack? Your input would be incredibly useful and we would be eternally grateful. forms.gle/BnBUwrRHK3omCEyz7
Hello, may I request for some help please brothers, I am stuck at the step shown at 11:46 that I could not get into the NAS where it says "COULD NOT RESOLVE HOST, GETADDRINFO FAILED!" so what can I do now? Much appreciated if you could help, cheers, as I have important work files that are locked by 7z
Hello, thank you for the video, however I couldn't find the 7z file in the latest attack, any alternative solution to this? Mine was attacked around 2 days ago.
Hi Sam, Thanks for your kind comments, we're continuing to search for more solutions and are happy to help people. Would you mind filling in a 1 minute survey to help us with our data collecting as we are currently working on an article to raise awareness on ransomware hacking. forms.gle/BnBUwrRHK3omCEyz7
Thank you Piovis. I followed your instructions to the dot and unfortunately did not find the 7z.log file. It wasn't there. I know I did re-start my Qnap at least once or twice. Infected on 2nd Feb, Malware removed on 19 Feb. Not sure where to turn to now. Very sad and defeated.
Hi Henk, Thanks for your kind comments, we're continuing to search for more solutions and are happy to help people. Would you mind filling in a 1-minute survey to help us with our data collecting as we are currently working on an article to raise awareness on ransomware hacking. forms.gle/BnBUwrRHK3omCEyz7
I am gutted. Only last week I found my QNAP NAS had been hacked and nearly 2000 CDs' worth of music kept on my NAS were encrypted to 7Z. I even contacted QNAP, but their method of trying to recover the files using photorec failed miserably and I was left with a 'sorry nothing else we can do'. Searching the internet including YouTube for help, your video did not come up and so only yesterday, I reset my QNAP NAS back to factory settings and have now had to start to rip my 1900 plus CDs all over again. It was only looking on how to disconnect my NAS from the internet but still able to connect to it using my PC and Sonos app on my phone, your video popped up. Anyhow, I have done exactly what you have said and set up a new user giving read/write access but... when I disabled the admin user, I couldn't connect to my NAS again from my PC, so I am at a loss as to how to ensure my NAS is NOT connected to the internet, yet still able to access it from my PC where I rip any new CDs to my iTunes which is on my NAS. I have connected an 8TB external hard drive to the NAS and am using that to back up my NAS once a week.
Hi Paul, Thank you for your kind words. We are now working towards collating an article that raises awareness on ransomware hacking. We are looking for individuals like yourself to take part in a quick 1-minute survey to help with data-collecting and to understand the severity of this hack. Your input would be incredibly useful and we would be eternally grateful. forms.gle/BnBUwrRHK3omCEyz7
I don't have 7z.log either.... 21 years of family photos and videos were zipped.... I made this QNAP recovery process as well, but nothing has happened. I didn't get back anything. If I can get my family photos and videos, it would be my goal. Do you have any additional idea?
Thank you for this. My files do have the 7z extension. Any idea why the Malware Remover Log File would be empty? I even ran a Scan and the log is still blank.
@@piovisinsights763 I tried out with FileZilla and Commander One, with both tools I could access share/CACHEDEV1_DATA/.qpkg/MalwareRemover but unfortunately there is no 7z file located. Even though the Malware Remover has detected a malware MR1902 on the 2021/04/23. What does that mean?
@@giuliocifuni1060 I'm not familiar with those two tools. Can you run a search using them? If so, go back into your system files but do NOT go into any folder. Instead try searching for 7z*.txt. Hopefully it will search all of the sub-folders and find it. If it doesn't find it, it could mean that either 1) the Malware Application didn't actually remove the ransomware for some reason, 2) the application didn't write a log or 3) the log was deleted. As far as I know, we need that log to find the password. Can you create a new comment on this YouTube Channel asking the same question? I ask you to do this because not many people read replies. I want people to see your comment and hopefully they may also be able to help you. Let me know how it goes.
@@piovisinsights763 Thank you so much for giving me such great support. I could run a search but there was no file starting with "7z" that matches with the time and date that reports to the malware remover. But I could identify a file named ".uninstall.sh" in the path: share/CACHEDEV1_DATA/.qpkg/MalwareRemover, that has the same time stamp as indicated in the QuLog Center. This is what it contains:
    #!/bin/sh
    # Stop the service before we begin the removal.
    if [ -x /MalwareRemover.sh ]; then
        /MalwareRemover.sh stop
        /bin/sleep 5
        /bin/sync
    fi
    /share/CACHEDEV1_DATA/.qpkg/MalwareRemover/modules/mr_backuplog_01
    # Package specific routines as defined in package_routines.
    {
        #clean schedule
        /mnt/ext/opt/Python/bin/python /share/CACHEDEV1_DATA/.qpkg/MalwareRemover/modules/centre.pyc --clean_all_schedule
        /usr/local/sbin/nc_tool unregister -A A227
        MR_PATH=/share/CACHEDEV1_DATA/.qpkg/MalwareRemover/
        set_mutable /share/CACHEDEV1_DATA/.qpkg/MalwareRemover/
        set_mutable /share/CACHEDEV1_DATA/.qpkg/MalwareRemover//modules/10_derek_3.pyc
        set_mutable /share/CACHEDEV1_DATA/.qpkg/MalwareRemover//modules/12_derek_3.pyc
    }
    # Remove QPKG directory, init-scripts, and icons.
    /bin/rm -fr "/share/CACHEDEV1_DATA/.qpkg/MalwareRemover"
    /bin/rm -f "/MalwareRemover.sh"
    /usr/bin/find /etc/rcS.d -type l -name 'QS*MalwareRemover' | /usr/bin/xargs /bin/rm -f
    /usr/bin/find /etc/rcK.d -type l -name 'QK*MalwareRemover' | /usr/bin/xargs /bin/rm -f
    /bin/rm -f "/home/httpd/RSS/images/MalwareRemover.gif"
    /bin/rm -f "/home/httpd/RSS/images/MalwareRemover_80.gif"
    /bin/rm -f "/home/httpd/RSS/images/MalwareRemover_gray.gif"
    # Package specific routines as defined in package_routines.
    # Package specific routines as defined in package_routines.
    {
        #clean tmp data
        /bin/rm -rf /tmp/.malware_remover/
    }
    if [ -f "/usr/local/sbin/nc_tool" ]; then
        /usr/local/sbin/nc_tool unregister -A A227
    fi
Hi, great content! I have a usb harddrive attached to my Nas that I set to back up once a week using hb3 but is it ok to keep it always connected? If malware attacks etc
I can't find a 7z log file in the MalwareRemover folder. Any suggestions as to how to find that so-needed password? Thanks a lot. I'm so lost and so is a life's worth of photos.
@@dave6501 Three main reasons that I can think of (there may be others) 1. You've lost connection to your drive - Can you locate and access your drive? 2. You need to enable SSH - You can check connection settings via the QNAP control panel 3. You may have mistyped the settings into Total Commander - again QNAP control panel should confirm the settings For 2 and above, I think part 3 of the video should point you in the right direction. Hope it helps.
Thank you for the great video. I followed the steps but cannot find the cache-dev1 folder under shared. Is there any other place that this 7zip log gets stored?
You're very welcome. There are a few people on this website in the same situation as you. I've asked everyone to share their solutions and I'm sure the good people on this channel will do that. Hang in there and hopefully we'll find something that works for you soon!
@@piovisinsights763 I was on my box I believe two days before the attack. The box was being hit like every 5 mins for the admin login, so I disabled it. I didn't notice any issue till I saw a YouTube video. I mostly use my box for videos and none of them were affected. I immediately updated the firmware and apps. Then started looking for solutions. I'm not in a horrible situation but it would be nice to have my info back.
@@JoabRyan Totally agree with you. I mean they are your files! One of our viewers shared that QNAP have a new recovery tool out. I haven't used it, but if you do, please let us know how it goes!
Hi @@JoabRyan, if you found the video useful would you be willing to share with us your hacking experience on a quick 1-minute survey. We are working towards an article to raise awareness on ransomware hacking and your incident would be highly important for the data we are gathering. forms.gle/BnBUwrRHK3omCEyz7 Thank you!
I have followed your section 2, however I do not have a directory cacheDEV1 under Share. Can you offer an alternative location for the file? I'm running QTS 4.3.4
Is it back again? My QNAP removed it back in April but I seem to have loads of 7zip files now. My backup drive (old one) also seems to have it. As a Mac user, Total Commander doesn't work on Mac
Hi Melanie, thank you for your comment - we will look into it over the weekend and get back to you on this. In the meantime, would you be able to help us by filling in our quick 1-minute survey which will assist in finding out about the severity of ransomware hacking. We would really appreciate your contribution! forms.gle/BnBUwrRHK3omCEyz7
@@piovisinsights763 Hi, I am also on a Mac and saw this comment - my QNAP was attacked back in April too and I am just now trying to resolve getting my files back, have you found a solution for Mac users? If so could you point me in the right direction? Thank You
Hi, it's very informative for me ... I just got hit by ransomware named "deadbolt"... Where can I find it, as it is not shown in the malware folder? Kindly need some help
Hi @jdriod, we are currently looking for a solution for mac-users and will get back to you soon. Would you be able to help us by filling in our quick 1-minute survey in the meantime. The survey aims to assist in our research for our upcoming article on ransomware hacking. Your contribution would really be appreciated! forms.gle/BnBUwrRHK3omCEyz7
After making a new connection by pressing F7 and called it Crilles-nas and doubleclick I got this: SFTP Error, could not resolve host, getaddrinfo failed! What does it mean and what can I do to fix this.
Today I was a target of these criminals.. anyway, when I try SSH .. I get "connection refused" and I can't get the log file. My question is: if I reboot the NAS, will the logs be deleted?
hi thanks for the video. I would like to know if it is still working? I lost all my family photos and I am desperate to get them back. my problem is that I know very little English and less computer science. Thank you so much
Unfortunately, I did not have Malware Remover running during the period the ransomware was running. I've since installed it and did a scan but it did not detect any malware while all my files are 7zipped. Needless to say, there's no 7zip.log file to view. I've just copied a new file into my NAS and hopefully the malware gets to work again and this time a log file can be generated. Any other ideas would be great.
Hi there, following your video, got to the point where I open the SHARE file, but I do not have the CACHEDEV1_DATA folder. please can you tell me what to do next
I got 'Error: Failed to connect to the given server' at the 16% point after entering the parameters in Total Commander for a new connection to my QNAP NAS. Any advice? Thanks in advance
I followed your tutorial, first of all, thanks so much! In doing so, I got an error message after configuring the quick connection. I double-click the quick connection to the NAS, and it shows "error: could not start SSH session: failed getting banner". Any help? Thanks!
Thanks for your kind words. The below answer is a copy and paste of a similar question - but I hope it helps: Three main reasons that I can think of (there may be others) 1. You've lost connection to your drive - Can you locate and access your drive? 2. You need to enable SSH - You can check connection settings via the QNAP control panel 3. You may have mistyped the settings into Total Commander - again QNAP control panel should confirm the settings Let us know how it goes and good luck
Hi Noelia, I hope you are well. We are looking for participants to take part in a quick 1-minute survey to help with our article which aims to raise awareness about ransomware hacks. We would really appreciate your input! forms.gle/BnBUwrRHK3omCEyz7
Hi, thank you for this tutorial! Unfortunately the 7z log file is very short. I guess QNAP removed it or deleted it when updated. How can I look for the deleted files? I do have EaseUS Data Recovery
I'm not too sure about EaseUS Data, but I have used Photorec software with some success. There are some great guides on YouTube on how to increase your chances of success. Let us know how it goes - and good luck!
Great walkthrough! I found my 7z file, but there's no unlock code there. My log file is pretty empty, and the date is showing almost a month after the original log file that was removed. Any recommendations?
Thanks Nalin. It sounds like for whatever reason your Malware App log was reset or more unlikely the app was uninstalled and re-installed. Either way, we need that password. You 'could' try using a file restoration software that searches for deleted files. You have a (small) chance of recovering a previous log file that 'might' have the passcode. Without knowing what happened, it's hard to say. I'm continually looking for more solutions that don't rely on the log. If I find something, I will share it. Let us know how it goes. Good luck
@@NeworldDesigns Photorec is a good software that I've used before. There are also some great guides on YouTube on how to best use it. One of the awesome viewers of this channel said that QNAP has also released a new recovery tool. Please check it out from their website and let us know how it goes. Cheers
Hi. I have been so demoralised by this malware attack that I switched 'off' my NAS for about a year ... followed your video and found the 7z Log File (great), however, same issue as above - Log File content is pretty empty ... just a half-dozen lines of zeros ... responses below cite the use of file restoration software ... (another however) ... I am a Luddite and need a step-by-step process? How and where do I find deleted 7z Log Files? Any assistance would be much appreciated, thanks
Thanks for your sharing. I tried to follow your instructions to connect to my QNAP. I have enabled my SSH and I see the connection IP is the same as my SSH port, but I fail to connect. The connection stops at 20% and then restarts from 0%. Then an error message appears: fail to log in the given server. I found that even if I type in a wrong login name/password, the same error message appears. Any ideas about my case?
Hi Mike, I'm really sorry to hear this and we will be working hard to find a solution for you over the weekend. In the meantime, would you be able to help us by filling in our quick 1-minute survey to find out about the severity of ransomware hacking. The data gathered will go towards our upcoming article about ransomware hacking. Your contribution would really be appreciated! forms.gle/BnBUwrRHK3omCEyz7
Dear friend, a spectacular video, and if possible I would need your great help, when starting the SFTP connection I get the error: Could not start SSH session_Failed getting banner. And I don't know what it is due to, I have activated everything related to SSH and SFTP in the nas, and despite this the error continues to appear. Please help me.
I just wanted to say thank you for the video. Unfortunately my 7z.log file had very little info in it and it was dated 7 months ago. I am hoping that the QNAP recovery works for me. Does anyone know if that method needs this file? If so, I guess I am out of luck. :(
Hi, thanks very much for this info, but when I tried to follow these steps I noticed that Malware Remover has been removed from my QNAP. Do you have any suggestions on where to go from here? Regards, Roy
Hello, there is a script from GitHub. Did you try that one? If not, maybe you can look at it and explain to me how I run it. Maybe that is a solution for us
Hi, unfortunately I caught this ransomware on January 11, 2022 on a QNAP NAS and following your guide there is no 7z file. I am waiting hopefully for a future solution. I look forward to a future solution.
I did what you said to do and I am getting an error stating "could not resolve host, getaddrinfo failed". Your video is great though, you explain everything very well.
Thanks for the kind words. Where are you seeing this error mate? At which step? Maybe I or someone smarter than myself reading these comments can help you.
@@piovisinsights763 Hello and thank you so much for taking the time to make such a good and explained video. I'm getting exactly the same error as Mr. Collins. I followed the steps and when opened the connection created(as the one you named NAS) it pops up with the error "could not resolve host, getaddrinfo failed" Hopefully at this time you have a solution or suggestion for this. thank you
@@orestescubafarinas9523 Hi. Thanks for your kind words. Apologies for the delay, we've been heavily recruiting the best team so we can help more people such as yourself. Please allow us a few days to look into this for you. Hopefully we can find you a way forward. In the meantime, could you also contact QNAP and the software you're using to connect to the drive (e.g. Total Commander)? Write them the same email, with what you just told us. Let's see who can get you the answer first :D
@@piovisinsights763 Thank you for your response and for the effort to get the solution. Will do, I'll try to reach them out meanwhile you and your great team figure it out. Looking forward to any possible solution Regards
Hi @@orestescubafarinas9523 , as we look into finding a solution for your device, we have a team working on raising awareness and gathering the data on ransomware hacking. We would really appreciate it if you could share your experience through our quick 1-minute survey which will help with the credibility of our data and article. forms.gle/BnBUwrRHK3omCEyz7 - Thank you!
Hello, unfortunately there is no password in the 7z.log file for me either. Can I use PhotoRec to find a previous version or a deleted version of the 7z.log file? Unfortunately, the ending *.log cannot be selected in the options, as this ending does not exist. Unfortunately, Qlocker also deleted all of my snapshots. Do you have any ideas how to restore the 7z.log file? Big respect for the detailed video!
Hi, I followed your steps until in Total Commander where you create your connection. After entering the IP address and admin account and double clicking on the "NAS" connection I receive an error. "Error: failed to connect to the given server!". I really appreciate the time and effort you have gone through to make this video, do you know any way to resolve this issue?
I still have one disk in the NAS and there is a 7z.log file on it without a password. I pulled the second drive out immediately after turning off the NAS and it wasn't running there yet. This means that the 7z.log file could then be there, or it could be created there. What do you think about it?
Thanks for your questions. I think it depends on a few things Jan: 1. Where the Malware Application log save destination is set to. Usually, it saves to one location, so I'd be surprised if it saved to multiple places, especially multiple disks 2. How your RAID system is set up. i.e. does your drive write on multiple disks at the same time or does it split the storage across the drives etc. I'm not super techy, but happy to provide more info where I can. Let us know if we can help in any way.
Thanks so much for this. Really helpful. I have managed to get to the point of using Total Commander to set up FTP, but I have not been able to connect. SFTP error- failed getting banner. I was wondering if you could outline the necessary services and config on the NAS, or any other tips on why I might be getting this error. Many thanks in advance.
Ran into the same issue and in my case it was simply a matter of turning on the connection through SSH in my NAS in the web interface. Just type SSH into the search box and it should show you the relevant option in the setting and enable it. Default port is 22.
A client of mine just got hit; worse, the AWS Glacier backup wasn't working. I looked for the malware and it is broken. It is definitely .7z but it is now even more devious
Potentially. Can you find the Malware Remover log mentioned in the steps? If so, let me know and I'll walk you through the next step. If not, we can try to recover the files as long as you haven't written anything over the formatted disk.
@@rvnster Thanks. We need to find the Malware Remover application log file from your QNAP storage. Watch the video from about 6min 30sec to find out. If you get the password, try to open the 7z file on your separate HD and let us all know what happened. We hope it works for you!
@@rvnster Hi. Thanks for letting us know. I hope you've recovered some files that you needed, even though they are encrypted. This means, at least for now, you haven't lost them forever! What we were really trying to recover is the 7z log, which hopefully contains the password that you need to unlock those files you mentioned. If that didn't work, re-visit the QNAP page. Someone kindly left a comment that QNAP have released some sort of recovery software. I haven't had time to try it yet, but keen to know if it helped anyone. Good luck and let us know how it goes.
I followed the instructions and was able to locate the log file, however my file was very short. There were only 10 lines and the password was not included. Is my password lost?
I found this very interesting. I have extracted my 7z.* files to an external folder and reset my QNAP to factory settings. When I open my 7z.* files the characters are all gibberish. Can anyone help? Thanks in advance
Would you like to send me a screenshot of what you're seeing? Best not to share it on a public forum. I'll see if I can help, or at least, I can advise on the information you should black out before sharing as a public comment. Maybe someone may be able to step in and save the day if I can't.
Hi Rafik, we are currently working on an article that aims to raise awareness on ransomware hacks. We are looking for participants like you to help us with a quick 1-minute survey and share your experience. We would really appreciate your input! forms.gle/BnBUwrRHK3omCEyz7
Hi, thank you for your nice video. Unfortunately it didn't work for me. I can't find the 7z.log file. I run MalwareRemover, but it doesn't find any "corrupted" files, everything seems fine and then in Total Commander I can't find the 7z.log file. do you know how I can proceed? Best regards and thank you again.
Hi - not sure why it's having problems connecting. No worries, we can get your access back relatively quickly. Here are 3 methods (if one doesn't work, then try the next). FIRST STEP: Let's first re-connect to your QNAP to make sure there are no issues. If you followed my points without doing anything else then you should be fine, as I did it all live without issues in this video. SECOND STEP: If you're trying to connect to your QNAP using mycomputer/myPC, then you'll just need to right click on the drive, and edit your settings on there. Or just re-map the drive. 1. Try accessing your drive via your browser URL, just make sure you remove the colon sign :, and any number after it. e.g. 192.168.2.37:8080 Should be 192.168.2.37 The above number is made up, but you get my point. ** if that doesn't work ** 2. Download QFinder Pro. It's a free software from QNAP. It will hopefully tell you your IP address and port number that you set. You should be able to login from there. ** if that doesn't work ** 3. Connect your laptop directly to your QNAP using a network cable. Then use Qfinder Pro to log back in. If you want, you can just put the port back to what it was: 8080. Not a huge security risk compared to the other points I mentioned. Let me know if any of the above works. Cheers
@@piovisinsights763 I tried method 1 and finally got back in, thank you! Found my 7z file but the log is very short (below). And when I try to open the zip file, there's an error message to say it's corrupted. e -o/mnt/.fw_update_dir /mnt/.fw_update_dir/TS-X31P2_20210515-4.5.3.1670.zip
@@piovisinsights763 I don't think so. Anyway it's corrupted so there's no way of knowing. I also did a search again and found two more 7z files - 7z & 7z.so and both contained gibberish
Hi @@doratsang4719, if you found the video useful would you be willing to share with us your hacking experience on a quick 1-minute survey. We are working towards an article to raise awareness on ransomware hacking and your incident would be highly important for the data we are gathering. forms.gle/BnBUwrRHK3omCEyz7 Thank you!
Thanks for making the video! I followed your tutorial exactly and I got an error message "could not start SSH session: failed getting banner". I see that a number of people have had this issue in the last few months but I did not see a solution. I am assuming that the format of the address should be like this: 19*.***.**.***:**80. I have tried a number of different ways but it will not pull up the files like in your video. I also went and made sure I enabled SSH. Assuming it is under Control Panel> Network & File Services> Telnet/SSH> Check the box "Allow SSH Connection"
This error can be caused by not enabling that SSH connection, which you did, so the only other thing that might be the problem that I am seeing is that IP address. It is the same address you use for connecting to the web interface but it doesn't end with :**80; I am assuming you meant 8080, which is a port for HTTP. SSH uses port 22 though, but in the case of Total Commander, it adds it automatically, so you only need to input your IP address and skip the part with the port (that number after the ":" symbol and the symbol itself) and it should be fine.
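The host-field problems raised in the comments above (a web port such as :8080 typed after the address, SSH not enabled, a name that does not resolve), as an added Python example that is not part of the original comments or of any QNAP or Total Commander tooling: it separates the host from any typed port, then checks name resolution and whether port 22 answers with an SSH banner. The function names and result codes are hypothetical, and 192.168.2.37 is the made-up address used in the thread.

```python
import socket
from urllib.parse import urlsplit

SSH_PORT = 22  # default SSH/SFTP port, as stated in the thread


def normalize_host(field):
    """Split whatever was typed into the host field into (host, typed_port).

    Accepts a bare IP or name, "host:port", "user@host" or a pasted web URL.
    """
    text = field.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat the text as a network location
    parts = urlsplit(text)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port text
        port = None
    return (parts.hostname or ""), port


def classify_banner(data):
    """Label the first bytes a server sent: an SSH server opens with 'SSH-'."""
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith(b"HTTP/") or b"<html" in data.lower():
        return "http"
    return "silent" if not data else "unknown"


def read_banner(host, port=SSH_PORT, timeout=5.0):
    """Connect and return the first bytes the server sends (b"" if it stays silent)."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.settimeout(timeout)
        try:
            return conn.recv(256)
        except socket.timeout:
            return b""


def diagnose(field, resolve=socket.getaddrinfo, banner=read_banner):
    """Return a list of (code, message) findings for the typed host field.

    resolve and banner are injectable so the logic can be exercised offline.
    """
    raw = field.strip()
    host, typed_port = normalize_host(raw)
    if not host:
        return [("empty-host", "no host name or IP address found in the field")]
    findings = []
    if host != raw.lower():
        findings.append(("extra-text", f"enter only {host!r} as the host, not {raw!r}"))
    if typed_port not in (None, SSH_PORT):
        findings.append(("wrong-port",
                         f"port {typed_port} was typed; SSH/SFTP listens on {SSH_PORT}"))
    try:
        resolve(host, SSH_PORT)
    except socket.gaierror:
        findings.append(("unresolvable", f"{host!r} does not resolve (getaddrinfo failed)"))
        return findings
    try:
        kind = classify_banner(banner(host, SSH_PORT))
    except ConnectionRefusedError:
        findings.append(("refused",
                         f"nothing accepts connections on port {SSH_PORT}; "
                         "check that SSH is enabled on the NAS"))
        return findings
    except OSError as exc:  # timeouts, no route to host, and similar
        findings.append(("unreachable", f"cannot reach {host}:{SSH_PORT}: {exc}"))
        return findings
    if kind == "ssh":
        findings.append(("ssh-ok", "SSH banner received; an SFTP login can be attempted"))
    else:
        findings.append(("no-ssh-banner",
                         f"port answered with {kind} data instead of an SSH banner"))
    return findings


if __name__ == "__main__":
    # Constructed stand-ins so the demo runs offline; omit them to probe a real NAS.
    def fake_resolve(host, port):
        return [(socket.AF_INET, socket.SOCK_STREAM, 0, "", (host, port))]

    def fake_banner(host, port):
        return b"SSH-2.0-OpenSSH_8.0\r\n"  # constructed banner

    for typed in ("192.168.2.37:8080", "http://192.168.2.37:8080/", "192.168.2.37"):
        print(typed, "->", diagnose(typed, fake_resolve, fake_banner))
```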
Anybody get the 7z.log file that clearly has the password, only the password doesn't work? This seems to be the case for me. Found the password in the exact format described in the video. I tried it on a 7z file and it's incorrect. Thoughts?
Did your app confirm that it removed the malware mate? If so - this is what I said to someone in a similar situation to you... It sounds like for whatever reason your Malware App log was reset or more unlikely the app was uninstalled and re-installed. Either way, we need that password. You 'could' try using a file restoration software that searches for deleted files. You have a (small) chance of recovering a previous log file that 'might' have the passcode. Without knowing what happened, it's hard to say. I'm continually looking for more solutions that don't rely on the log. If I find something, I will share it. Let us know how it goes. Good luck
@@piovisinsights763 I checked with QNAP if there is a way to recover previous log files and they aren't aware. The support guy told me that QNAP is working on something.
Sorry to hear that Maclej. I'm continually looking for other solutions that don't rely on the log file. I'll share if I find anything. Do you have Malware Application installed on your system? If no, I recommend that you install it ASAP. If yes, I recommend that you double check that the application maintains a log. I hope you find a solution
👆👆I was so lucky that the name above was able to help me decrypt and remove all the ransomware infecting my files, he is a professional
Hi everyone, We are writing a thought-provoking article about why cybercrime such as ransomware attacks on big companies are often reported, whereas attacks on individuals and small businesses that arguably suffer more are usually not covered by national media in the UK (maybe other countries too). Our ask is for you to participate in a simple, non-evasive survey to add some reality and credibility to our article, which we’d be happy to share it with you. It’s only one page, mostly tick boxes, NO PERSONAL information needed (e.g. email etc.), and you can be anonymous if you choose to be. I promise it’ll be extremely well written and impactful. Who’s in?! Thanks in advance forms.gle/BnBUwrRHK3omCEyz7
Hi - thanks for your message. It's hard to please everyone. Some say this video is already too long, some don't need to unlock multiple files and the ability to unlock multiple files isn't only connected to this problem - it can be used even if you didn't have a virus. I'm just offering a choice. Hope it helps someone.
@@piovisinsights763 Fair enough. :) I’ve noticed that a lot of videos on YouTube start with an intro that says what the video is about, then tell you that we are about to do something and then explain what it is we are about to do followed by doing it followed by a recap on what we’ve done. So many videos could be shorter in general but I expect YT give more rewards for making longer videos even if they are just dragging out a short video.. :)
@@SirHackaL0t. You're right to an extent. I think there is a metric that triggers an algorithm when your channel is watched over 10mins. But from what I understand (and maybe experts in this field can keep me honest), the 10min watch can be from one vid or multiple (e.g. 2 x 5min vids). If I'm right in the above, it'd make more sense to split my vid into 4 x 5min videos, as I'd also score high for ensuring people watch the entire video length. However, I think that approach is clickbait. I'll learn more about the algorithm and strategy later, when the topic is less emotional and less time sensitive. Right now, I'm just trying to get a solution out there early to help people. Hope that makes sense.
Hi @@SirHackaL0t., I hope you are well. We are looking for participants to take part in a quick 1-minute survey to help with our article which aims to raise awareness about ransomware hacks. We would really appreciate your input! forms.gle/BnBUwrRHK3omCEyz7
Hello. Nice video; a lot of people are very happy to get their files back. But for me and others it did not work: we cannot see the 7z.log file. Is there another solution? I also ran into a script from GitHub but don't know how to run it. If somebody could look at it, maybe that would be a solution for us. Many thanks
A big 'thank you' to everyone that participated in our anonymous survey request. We're delighted to share the published article: "Ransomware, you, me and SMEs: What the mass media aren't telling you". www.linkedin.com/feed/update/urn:li:activity:6815585592605257728/ We'll continue to work on your behalf to increase the pressures on authorities to fight for better security and increase awareness. No one deserves the stress that you've all been through. All comments and support appreciated.
I'm a grown man... and this attack has nearly brought me tears. Once I recover my files, I've learned the biggest lesson in my life, lessons, I've thought I already knew, but I misunderstood how ransomware worked and it beat me.
First; I have to say you are a flipping genius!!! Thanks so much for the information. I have not been affected by this ransomware issue, but I'm super curious about your method to recover from it. I really appreciate how thorough you were in explaining everything. Lots of information to absorb, but you left nothing out, so thank you!
This is not to diminish any of the awesomeness of your video - but rather to help others (myself included) make sure we have the necessary things setup beforehand, to be prepared.
It turns out there are some things that need to be in place before your method will work. First; SFTP access needs to be enabled on the QNAP device (I had it turned off on mine). The setting can be found using the search icon (magnifying glass). Next; the SFTP access permissions need to be set to allow access by a particular user. Last; the whole process is 200% easier if you're using a Linux computer to access the QNAP. You can just skip past all of the Windows install craziness, since SFTP comes already installed in the Linux OS. Simply open a terminal window, type sftp [qnap_username]@[qnap_ip_addr] and you're in. Type your password, cd to the logs directory, and cat the 7z.log file. Done.
The very last and final step would be to install Linux on your Windoze computer, and never look back. ;-)
You´re absolutely gold. You saved our private images on all our family since all the times
Awesome news! We are really happy to have helped you :)
There are not enough like buttons in the world to express my gratitude. Where can we make a donation to support your work?
Hi Vladi, thank you so much for your kind words. We are continuing to search for more solutions and are happy to help people by providing free solutions.
Currently, we are working towards collating an article that raises awareness on ransomware hacking, and we are looking for participants to share their experience. Would you mind filling a quick 1-minute survey to help with data-collecting and to understand the severity of this hack. Your input would be incredibly useful and we would be eternally grateful. forms.gle/BnBUwrRHK3omCEyz7
Hello, may I request for some help please brothers, I am stuck at the step shown at 11:46 that I could not get into the NAS where it says "COULD NOT RESOLVE HOST, GETADDRINFO FAILED!" so what can I do now?
Much appreciated if you could help, cheers, as I have important work files that are locked by 7z
Hello, thank you for the video, however I couldn't find the 7z file in the latest attack, any alternative solution to this? Mine was attacked around 2 days ago.
Love you man.. You just saved my entire vids and photo archive of my family. Awesome vid!
Really insightful stuff. Thank you for sharing your knowledge and experience!
Hi Sam, Thanks for your kind comments, we're continuing to search for more solutions and are happy to help people. Would you mind filling in a 1 minute survey to help us with our data collecting as we are currently working on an article to raise awareness on ransomware hacking.
forms.gle/BnBUwrRHK3omCEyz7
Thank you Piovis. I followed your instructions to the dot and unfortunately did not find the 7z.log file. It wasn't there. I know I did re-start my Qnap at least once or twice. Infected on 2nd Feb, Malware removed on 19 Feb. Not sure where to turn to now. Very sad and defeated.
Great instruction. I found my encryption key for my device. 1000x thanks!!
Hi Henk, Thanks for your kind comments, we're continuing to search for more solutions and are happy to help people. Would you mind filling in a 1-minute survey to help us with our data collecting as we are currently working on an article to raise awareness on ransomware hacking.
forms.gle/BnBUwrRHK3omCEyz7
I am gutted. Only last week I found my QNAP NAS had been hacked and nearly 2000 CD's worth of music kept on my NAS were encrypted to 7Z. I even contacted QNAP, but their method of trying to recover the files using photorec failed miserably and I was left with a 'sorry nothing else we can do'. Searching the internet including TH-cam for help, your video did not come up and so only yesterday, I re-set my QNAP NAS back to factory settings and have now had to start to rip my 1900 plus CD's all over again. It was only looking on how to dis-connect my NAS from the internet but still able to connect to it using my PC and Sonos app on my phone, your video popped up. Anyhow, I have done exactly what you have said and set up a new user giving read/write access but... when I disabled the admin user, I couldn't connect to my NAS again from my PC, so I am at a loss as to how to ensure my NAS is NOT connected to the internet, yet still able to access it from my PC where I rip any new CD's to my iTunes which is on my NAS. I have connected a 8TB external hard drive to the NAS and am using that to back up my NAS once a week.
Thank you for sharing very important information every one should know
Hi Paul, Thank you for your kind words. We are now working towards collating an article that raises awareness on ransomware hacking. We are looking for individuals like yourself to take part in a quick 1-minute survey to help with data-collecting and to understand the severity of this hack. Your input would be incredibly useful and we would be eternally grateful. forms.gle/BnBUwrRHK3omCEyz7
I don't have 7z.log either.... 21 years of family photos and videos were zipped.... I made this QNAP recovery process as well, but nothing has happened. I didn't get back anything. If I can get my family photos and videos, it would be my goal. Do you have any additional idea?
Thank you for this. My files do have the 7z extension. Any idea why the Malware Remover Log File would be empty? I even ran a Scan and the log is still blank.
Thanks very much for sharing your knowledge. Did you have any suggestions for the mentioned tools to extract the PW as a Mac user?
I'll try and ask around for you as I'm not a Mac user myself. Again, if anyone reading this is a Mac user please help
@@piovisinsights763 I tried out with FileZilla and Commander One; with both tools I could access share/CACHEDEV1_DATA/.qpkg/MalwareRemover but unfortunately there is no 7z file located, even though the Malware Remover has detected a malware MR1902 on the 2021/04/23. What does that mean?
@@giuliocifuni1060 I'm not familiar with those two tools. Can you run a search using them? If so, go back into your system files but do NOT go into any folder. Instead try searching for 7z*.txt. Hopefully it will search all of the sub-folders and find it.
If it doesn't find it, it could mean that either 1) the Malware Application didn't actually remove the ransomware for some reason, 2) the application didn't write a log or 3) the log was deleted.
As far as I know, we need that log to find the password.
Can you create a new comment on this TH-cam Channel asking the same question.
I ask you to do this because not many people read replies. I want people to see your comment and hopefully they may also be able to help you.
Let me know how it goes.
@@piovisinsights763 Thank you so much for giving me such great support. I could run a search but there was no file starting with "7z" that matches with the time and date that reports to the malware remover. But I could identify a file named ".uninstall.sh" in the path: share/CACHEDEV1_DATA/.qpkg/MalwareRemover, that has the same time stamp as indicated in the QuLog Center.
This is what it contains:
#!/bin/sh
# Stop the service before we begin the removal.
if [ -x /MalwareRemover.sh ]; then
/MalwareRemover.sh stop
/bin/sleep 5
/bin/sync
fi
/share/CACHEDEV1_DATA/.qpkg/MalwareRemover/modules/mr_backuplog_01
# Package specific routines as defined in package_routines.
{
#clean schedule
/mnt/ext/opt/Python/bin/python /share/CACHEDEV1_DATA/.qpkg/MalwareRemover/modules/centre.pyc --clean_all_schedule
/usr/local/sbin/nc_tool unregister -A A227
MR_PATH=/share/CACHEDEV1_DATA/.qpkg/MalwareRemover/
set_mutable /share/CACHEDEV1_DATA/.qpkg/MalwareRemover/
set_mutable /share/CACHEDEV1_DATA/.qpkg/MalwareRemover//modules/10_derek_3.pyc
set_mutable /share/CACHEDEV1_DATA/.qpkg/MalwareRemover//modules/12_derek_3.pyc
}
# Remove QPKG directory, init-scripts, and icons.
/bin/rm -fr "/share/CACHEDEV1_DATA/.qpkg/MalwareRemover"
/bin/rm -f "/MalwareRemover.sh"
/usr/bin/find /etc/rcS.d -type l -name 'QS*MalwareRemover' | /usr/bin/xargs /bin/rm -f
/usr/bin/find /etc/rcK.d -type l -name 'QK*MalwareRemover' | /usr/bin/xargs /bin/rm -f
/bin/rm -f "/home/httpd/RSS/images/MalwareRemover.gif"
/bin/rm -f "/home/httpd/RSS/images/MalwareRemover_80.gif"
/bin/rm -f "/home/httpd/RSS/images/MalwareRemover_gray.gif"
# Package specific routines as defined in package_routines.
# Package specific routines as defined in package_routines.
{
#clean tmp data
/bin/rm -rf /tmp/.malware_remover/
}
if [ -f "/usr/local/sbin/nc_tool" ]; then
/usr/local/sbin/nc_tool unregister -A A227
fi
Hi, great content!
I have a usb harddrive attached to my Nas that I set to back up once a week using hb3 but is it ok to keep it always connected? If malware attacks etc
You should do more videos.
I can't find a 7z log file in the MalwareRemover folder. Any suggestions as to how to find that so-needed password? Thanks a lot. I'm so lost and so is a life's worth of photos.
For enhanced security, I would also recommend activating the dual authentication and using the QNAP snapshots
100% agree. Great point.
Thank you for your hard work and effort. I'm getting an SSH error when I'm trying to connect with Total Commander configured as instructed. Any ideas?
It says exactly SFTP Error: Error: Could not start SSH session: Failed getting banner
@@dave6501 Three main reasons that I can think of (there may be others)
1. You've lost connection to your drive - Can you locate and access your drive?
2. You need to enable SSH - You can check connection settings via the QNAP control panel
3. You may have mistyped the settings into Total Commander - again QNAP control panel should confirm the settings
For 2 and above, I think part 3 of the video should point you in the right direction.
Hope it helps.
hi there- wish i had found this sooner as well. I have the same issue but I don't have the 7z log file... any thoughts on what I can do?
I have a NAS DS420+ Synology. Is it the same process to recover my files?
Any insights on the new Ql0cker attack?
Thank you for the great video, i followed the steps but cannot find the cahce-dev1 folder under shared. is there any other place that this 7zip log get stored ?
Dang! empty file... Thanks for the lessons. Im hoping I can find a different way to fix this.
You're very welcome. There are a few people on this website in the same situation as you.
I've asked everyone to share their solutions and I'm sure the good people on this channel will do that. Hang in there and hopefully we'll find something that works for you soon!
@@piovisinsights763 I was on my box I believe two days before the attack. The box was being hit like every 5 mins for the admin login, so I disabled it. I didn't notice any issue till I saw a TH-cam video. I mostly use my box for videos and none of them were affected. I immediately updated the firmware and apps. Then started looking for solutions. I'm not in a horrible situation but it would be nice to have my info back.
@@JoabRyan Totally agree with you. I mean they are your files!
One of our viewers shared that QNAP have a new recovery tool out. I haven't used it, but if you do, please let us know how it goes!
Hi @@JoabRyan, if you found the video useful would you be willing to share with us your hacking experience on a quick 1-minute survey. We are working towards an article to raise awareness on ransomware hacking and your incident would be highly important for the data we are gathering. forms.gle/BnBUwrRHK3omCEyz7
Thank you!
I have followed your section 2 however I do not have a directory cacheDEV1 under Share. Can you offer an alternative location for the file?
Im running QTS 4.3.4
Is it back again? My QNAP removed it back in April but I seem to have loads of 7zip files now. My backup drive (old one) also seems to have it. As a Mac user, Total Commander doesn't work on Mac
Hi Melanie, thank you for your comment - we will look into it over the weekend and get back to you on this. In the meantime, would you be able to help us by filling in our quick 1-minute survey which will assist in finding out about the severity of ransomware hacking. We would really appreciate your contribution! forms.gle/BnBUwrRHK3omCEyz7
@@piovisinsights763 Hi, I am also on a Mac and saw this comment - my QNAP was attacked back in April too and I am just now trying to resolve getting my files back, have you found a solution for Mac users? If so could you point me in the right direction? Thank You
How to decrypt .docx files affected by ".waiting" extension ransomware, please?
I do not have the 7z log. Any other options? Thanks a ton
Hi, it's very informative for me ... I just got hit by ransomware named "deadbolt"... where can I find it, as it is not shown in the malware folder?
kind need some help
Hi thank you , any solution for mac users?
Hi @jdriod, we are currently looking for a solution for mac-users and will get back to you soon. Would you be able to help us by filling in our quick 1-minute survey in the meantime. The survey aims to assist in our research for our upcoming article on ransomware hacking. Your contribution would really be appreciated! forms.gle/BnBUwrRHK3omCEyz7
After making a new connection by pressing F7 and called it Crilles-nas and doubleclick I got this: SFTP Error, could not resolve host, getaddrinfo failed! What does it mean and what can I do to fix this.
Today I was a target of these criminals.. anyway, when I try SSH .. I get "connection refused" and I can't get the log file. My question is: if I reboot the NAS, will the logs be deleted?
hi thanks for the video. I would like to know if it is still working? I lost all my family photos and I am desperate to get them back. my problem is that I know very little English and less computer science. Thank you so much
I have successfully followed every step but I can't find the 7z file in the MalwareRemover log. Is there another place where I can maybe find it?
Unfortunately, I did not have Malware Remover running during the period the Ransomware was running. I've since installed it and did a scan but did not detect any malware while all my files are 7zipped. Needless to say, there's no 7zip.log file to view. I've just copied a new file into my NAS and hopefully the malware gets to work again and this time a log file can be generated.
Any other ideas would be great.
What do you do if your logs don't go that far back? The date it was done was back on 4/20. Looks like my settings were only 180 days.
Hi there, following your video, got to the point where I open the SHARE file, but I do not have the CACHEDEV1_DATA folder. please can you tell me what to do next
Hello , I see this is a old post. Would this fix work today?
Another ransomware attacked to qnap nas again. Called Deadbolt. Any solution for that? Thx. T.T
Unfortunately I did not find the 7z file in the qpkg folder. Is there any other method?
i got 'Error: Failed to connect to the given server' at 16% point after enter the parameters in the Total Commander for new connection to my Qnap NAS.
Any advice? Thanks in advance
I followed your tutorial, first of all, thanks so much! And doing so, I got an error message after configuring the quick connection: I double-click to quick connect to the NAS, and it shows an "error: could not start SSH session: failed getting banner". Any help? Thanks!
Thanks for your kind words. The below answer is a copy and paste of a similar question - but I hope it helps:
Three main reasons that I can think of (there may be others)
1. You've lost connection to your drive - Can you locate and access your drive?
2. You need to enable SSH - You can check connection settings via the QNAP control panel
3. You may have mistyped the settings into Total Commander - again QNAP control panel should confirm the settings
Let us know how it goes and good luck
Hi Noelia, I hope you are well. We are looking for participants to take part in a quick 1-minute survey to help with our article which aims to raise awareness about ransomware hacks. We would really appreciate your input! forms.gle/BnBUwrRHK3omCEyz7
I also had an error, but in QNAP in the SSH settings I had no tick at SFTP. After the tick it worked fine.
HI, thank you for this tutorial! Unfortunately the 7z log file is very short. I guess QNAP removed it or deleted it when updated. How can I look for the deleted files? I do have EaseUS Data Recovery
I'm not too sure about EaseUS Data, but I have used Photorec software with some success. There are some great guides on TH-cam on how to increase your chances of success. Let us know how it goes - and good luck!
My NAS was updated but the log file was still there!
Great walkthrough! I found my 7z file, but there's no unlock code there. My log file is pretty empty, and the date is showing almost a month after the original log file that was removed. Any recommendations?
Thanks Nalin.
It sounds like, for whatever reason, your Malware App log was reset or, more unlikely, the app was uninstalled and re-installed.
Either way, we need that password. You 'could' try using a file restoration software that searches for deleted files. You have a (small) chance of recovering a previous log file that 'might' have the passcode. Without knowing what happened, it's hard to say.
I'm continually looking for more solutions that don't rely on the log. If I find something, I will share it.
Let us know how it goes. Good luck
I did all the process but unfortunately my 7z log file only has 5 lines. You talked about a recovery file software in a previous comment. Any name?
@@NeworldDesigns Photorec is a good software that I've used before. There are also some great guides on TH-cam on how to best use it.
One of the awesome viewers of this channel said that QNAP has also released a new recovery tool. Please check it out from their website and let us know how it goes. Cheers
Hi. I have been so demoralised by this malware attack that I switched 'off' my NAS for about a year ... followed your video and found the 7z Log File (great), however, same issue as above - Log File content is pretty empty ... just a half-dozen lines of zeros ... responses below cite the use of file restoration software ... (another however) ... I am a Luddite and need a step-by-step process? How and where do I find deleted 7z Log Files? Any assistance would be much appreciated, thanks
my understanding is the log file gets wiped after reboot - I cannot find it unfortunately - any other solution? :)
Thanks for your sharing.
I tried to follow your instructions to connect to my QNAP. I have enabled my SSH and I see the connection IP is the same as my SSH port, but I fail to connect. The connection stops at 20% and then restarts from 0%. Then an error message appears: fail to log in the given server
I found that even if I type in a wrong login name/password, the same error message appears.
Any ideas about my case?
Hi Mike, I'm really sorry to hear this and we will be working hard to find a solution for you over the weekend.
In the meantime, would you be able to help us by filling in our quick 1-minute survey to find out about the severity of ransomware hacking. The data gathered will go towards our upcoming article about ransomware hacking. Your contribution would really be appreciated! forms.gle/BnBUwrRHK3omCEyz7
@@piovisinsights763 Hi! I have the same problem as Mike. Is there any solution found? Thanks!
Dear friend, a spectacular video, and if possible I would need your great help, when starting the SFTP connection I get the error: Could not start SSH session_Failed getting banner.
And I don't know what it is due to, I have activated everything related to SSH and SFTP in the nas, and despite this the error continues to appear. Please help me.
Hi, just been hit with this. I cannot find the file which contains the password. Any other suggestions?
I just wanted to say thank you for the video. Unfortunately my 7z.log file had very little info in it and it was dated 7 months ago. I am hoping that the QNAP recovery works for me. Does anyone know if that method needs this file? If so, I guess I am out of luck. :(
Hi Thanks very much for this info but when i have tried to follow these steps ive noticed that Malware remover has been removed from my QNAP
Do you have any suggestions on where to go from here
Regards
Roy
Hello, there is a script from GitHub. Did you try that one? If not, maybe you can look at it and explain to me how I run it; maybe that is a solution for us
Hi, unfortunately I caught on January 11, 2022 this Ransomware on a qnap nas and following your guide there is no 7z file. I am waiting hopefully in a future solution I look forward to a future solution
Really nice video.. any recovery process for ech0raix ransomware?
Good afternoon! Please help me with connecting via FTP! When I connect to the server, it loads up to 15% and then gives an error.
I did what you said to do and I am getting an error stating "could not resolve host, getaddrinfo failed". Your video is great though; you explain everything very well.
Thanks for the kind words. Where are you seeing this error mate? At which step?
Maybe I or someone smarter than myself reading these comments can help you.
@@piovisinsights763 Hello and thank you so much for taking the time to make such a good and explained video. I'm getting exactly the same error as Mr. Collins. I followed the steps and when opened the connection created(as the one you named NAS) it pops up with the error "could not resolve host, getaddrinfo failed" Hopefully at this time you have a solution or suggestion for this. thank you
@@orestescubafarinas9523 Hi. Thanks for your kind words. Apologies for the delay we've been heavily recruiting the best team so we can help more people such as yourself.
Please allow us a few days to look into this for you. Hopefully we can find you a way forward.
In the meantime, could you also contact QNAP and the software you're using to connect to the drive (e.g. Total Commander)? Write them the same email, with what you just told us.
Let's see who can get you the answer first :D
@@piovisinsights763 Thank you for your response and for the effort to get the solution. Will do, I'll try to reach out to them while you and your great team figure it out. Looking forward to any possible solution. Regards
Hi @@orestescubafarinas9523 , as we look into finding a solution for your device, we have a team working on raising awareness and gathering the data on ransomware hacking. We would really appreciate it if you could share your experience through our quick 1-minute survey which will help with the credibility of our data and article.
forms.gle/BnBUwrRHK3omCEyz7 - Thank you!
Hello, unfortunately there is no password in the 7z.log file for me either. Can I use PhotoRec to find a previous version or a deleted version of the 7z.log file? Unfortunately, the ending * .log cannot be selected in the options, as this ending does not exist. Unfortunately, QlLocker also deleted all of my snapshots. Do you have any ideas how to restore the 7z.log file?
Big respect to the detailed video!
Hi I followed your steps until in total commander where you create your connection. After entering the IP adress and admin account and double clicking on the "NAS" connection I receive an error. "Error: failed to connect to the given server!". I really appreciate the time and effort you have gone through to make this video, do you know any way to resolve this issue?
(I have tried with secondary admin accounts as well)
I still have one disk in the NAS and there is a 7z.log file on it without a password. I pulled the second drive out immediately after turning off the NAS and it wasn't running there yet. This means that the 7z.log file could then be there, or it could be created there. What do you think about it?
Thanks for your questions. I think it depends on a few things Jan:
1. Where the Malware Application log save destination is set to. Usually, it saves to one location, so I'd be surprised if it saved to multiple places, especially multiple disks
2. How your RAID system is set up. i.e. does your drive write on multiple disks at the same time or does it split the storage across the drives etc. I'm not super techy, but happy to provide more info where I can.
Let us know if we can help in any way.
Is it too late for me to get my files back if I don't see the malware date?
Thanks so much for this. Really helpful. I have managed to get to the point of using Total Commander to set up FTP, but I have not been able to connect. SFTP error- failed getting banner. I was wondering if you could outline the necessary services and config on the NAS, or any other tips on why I might be getting this error. Many thanks in advance.
Ran into the same issue and in my case it was simply a matter of turning on the connection through SSH in my NAS in the web interface. Just type SSH into the search box and it should show you the relevant option in the setting and enable it. Default port is 22.
A client of mine just got hit; worse, the AWS Glacier backup wasn't working. I looked for the malware and it is broken; it is definitely .7z, but it is now even more devious
I do not have (CACHEDEV1_DATA) in the Share folder. sigh
I dont either. How did you get round this?
@@mort90210 no idea. I have tried many methods suggested in the internet, mostly stuck here or there. All my life photos are locked.
I have formatted my hard drive but I saved 7z files on another HD. Can I still use this method?
Potentially. Can you find the Malware Remover log mentioned in the steps? If so, let me know and I'll walk you through the next step. If not, we can try to recover the files as long as you haven't written anything over the formatted disk.
@@piovisinsights763 Hi, I moved it to a separate HD, if that helps. All encrypted files are on a separate external HD already
@@rvnster Thanks. We need to find the Malware Remover application log file from your QNAP storage. Watch the video from about 6min 30sec to find out. If you get the password, try to open the 7z file on your separate HD and let us all know what happened.
We hope it works for you!
@@piovisinsights763 I've tried PhotoRec as well, both C: prompt and Windows. They recover the files but they are still encrypted
@@rvnster Hi. Thanks for letting us know. I hope you've recovered some files that you needed, even though they are encrypted. This means that at least you haven't lost them forever!
What we were really trying to recover is the 7z log, which hopefully contains the password that you need to unlock those files you mentioned.
If that didn't work, re-visit the QNAP page. Someone kindly left a comment that QNAP have released some sort of recovery software. I haven't had time to try it yet, but keen to know if it helped anyone.
Good luck and let us know how it goes.
I followed the instructions and was able to locate the log file; however, my file was very short. There were only 10 lines and the password was not included. Is my password lost?
I found this very interesting. I have extracted my 7z.* files to an external folder and reset my QNAP to factory settings.
When I open my 7z.* files the characters are all gibberish. Can anyone help?
Thanks in advance
Would you like to send me a screenshot of what you're seeing? Best not to share it on a public forum. I'll see if I can help, or at least, I can advise on the information you should black out before sharing as a public comment.
Maybe someone may be able to step in and save the day if I cant.
@@piovisinsights763 Please how do i send to you?
@@rafikismail29 Hi Rafik - anuj.datta@piovis.com
Hi Rafik, we are currently working on an article that aims to raise awareness on ransomware hacks. We are looking for participants like you to help us with a quick 1-minute survey and share your experience. We would really appreciate your input! forms.gle/BnBUwrRHK3omCEyz7
Hi, thank you for your nice video. Unfortunately it didn't work for me. I can't find the 7z.log file. I run MalwareRemover, but it doesn't find any "corrupted" files, everything seems fine and then in Total Commander I can't find the 7z.log file. do you know how I can proceed? Best regards and thank you again.
same situation for me. No malware log related to files after infection date and no 7s file.....not sure what to do next.
This didn't work for me. My 7z.log file looks to have been overwritten with newer information from a recent unzip :(
Sorry to hear this. Don't give up hope. The silver lining is that your files are just on ice. It's just a matter of time before you'll get them back.
Hi, I changed the port as you suggested but now cannot log-in. Is there anyway you can help? Thanks.
Hi - not sure why it's having problems connecting. No worries, we can get your access back relatively quickly. Here are 3 methods (if one doesn't work, then try the next).
FIRST STEP: Let's first re-connect to your QNAP to make sure there are no issues. If you followed my points without doing anything else then you should be fine, as I did it all live without issues in this video.
SECOND STEP: If you're trying to connect to your QNAP using mycomputer/myPC, then you'll just need to right click on the drive, and edit your settings on there. Or just re-map the drive.
1. Try accessing your drive via your browser URL, just make sure you remove the colon sign :, and any number after it. e.g. 192.168.2.37:8080
Should be 192.168.2.37
The above number is made up, but you get my point.
** if that doesn't work **
2. Download QFinder Pro. It's free software from QNAP. It will hopefully tell you your IP address and port number that you set. You should be able to login from there.
** if that doesn't work **
3. Connect your laptop directly to your QNAP using a network cable. Then use Qfinder Pro to log back in. If you want, you can just put the port back to what it was: 8080. Not a huge security risk compared to the other points I mentioned.
Let me know if any of the above works.
Cheers
@@piovisinsights763 I tried method 1 and finally got back in, thank you! Found my 7z file but the log is very short (below). And when I try to open the zip file, there's an error message to say it's corrupted.
e -o/mnt/.fw_update_dir /mnt/.fw_update_dir/TS-X31P2_20210515-4.5.3.1670.zip
@@doratsang4719 Thanks for sharing. I'm not familiar with that zip file. What is it supposed to be?
@@piovisinsights763 I don't think so. Anyway it's corrupted so there's no way of knowing. I also did a search again and found two more 7z files - 7z & 7z.so and both contained gibberish
Hi @@doratsang4719, if you found the video useful would you be willing to share with us your hacking experience on a quick 1-minute survey. We are working towards an article to raise awareness on ransomware hacking and your incident would be highly important for the data we are gathering. forms.gle/BnBUwrRHK3omCEyz7
Thank you!
Thanks for making the video! I followed your tutorial exactly and I got an error message "could not start SSH session: failed getting banner". I see that a number of people have had this issue in the last few months but I did not see a solution. I am assuming that the format of the address should be like this: 19*.***.**.***:**80. I have tried a number of different ways but it will not pull up the files like in your video. I also went and made sure I enabled SSH. Assuming it is under Control Panel > Network & File Services > Telnet/SSH > check the box "Allow SSH Connection"
This error can be caused by not enabling that SSH connection, which you did, so the only other thing that might be the problem that I am seeing is that IP address. It is the same address you use for connecting to the web interface but it doesn't end with :**80; I am assuming you meant 8080, which is a port for HTTP. SSH uses port 22 though, but in the case of Total Commander, it adds it automatically, so you only need to input your IP address and skip the part with the port (that number after the ":" symbol and the symbol itself) and it should be fine.
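As an added example (not from the video or from any commenter): a short Python check of the point made in the reply above, that an SSH/SFTP client pointed at the web interface's port never receives an SSH banner. The function names are hypothetical and the 2-second timeout is an assumption.

```python
import socket
import sys

def split_host(address):
    """Split an address as typed for the web UI into (host, port or None)."""
    address = address.strip()
    host, sep, port = address.rpartition(":")
    if sep and host and port.isdigit():
        return host, int(port)
    return address, None

def classify(first_bytes, reply_to_http):
    """Name the service from what it sent unprompted and after an HTTP request."""
    # An SSH server speaks first: its identification line starts with "SSH-".
    if any(line.startswith(b"SSH-") for line in first_bytes.splitlines()):
        return "ssh"
    if reply_to_http.startswith(b"HTTP/"):
        return "http"
    return "unknown"

def recv_some(sock):
    try:
        return sock.recv(256)
    except OSError:  # timeout or reset: treat as "sent nothing"
        return b""

def identify(sock, timeout=2.0):
    """Classify the service on an already connected socket."""
    sock.settimeout(timeout)
    first = recv_some(sock)
    reply = b""
    if not first:  # silent so far: a web server waits for the client's request
        try:
            sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = recv_some(sock)
        except OSError:
            pass
    return classify(first, reply)

def probe(host, port, timeout=2.0):
    """Return 'ssh', 'http', 'unknown' or 'closed' (refused or unreachable)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        return identify(sock, timeout)

if __name__ == "__main__" and len(sys.argv) > 1:
    host, typed_port = split_host(sys.argv[1])
    for port in sorted({typed_port or 22, 22}):
        print(f"{host}:{port} -> {probe(host, port)}")
```

Run it with the address exactly as typed for the web interface; `http` on the typed port together with `ssh` on 22 means the SFTP client should be given the bare IP address.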
Anybody get the 7z.log file that clearly has the password only the password doesn't work. This seems to be the case for me. Found the password in the exact format described in the video. I tried it on a 7z file and it's incorrect. Thoughts?
You're welcome to send us an email with the screenshot of the 7z.log file and highlight the password. We'll try and give you some pointers.
@piovisinsights763 I'm sorry, where can I find your email address? I will send it ASAP
What should we do if the 7z log file doesn't have the password.
Did your app confirm that it removed the malware mate?
If so - this is what I said to someone in a similar situation to you...
It sounds that for whatever reason your Malware App log was reset or more unlikely the app was uninstalled and re-installed.
Either way, we need that password. You 'could' try using a file restoration software that searches for deleted files. You have a (small) chance of recovering a previous log file that 'might' have the passcode. Without knowing what happened. It's hard to say.
I'm continually looking for more solutions that don't rely on the log. If I find something, I will share it.
Let us know how it goes. Good luck
@piovisinsights763 thank you.
@rajkishorereddy Welcome mate
@piovisinsights763 I checked with QNAP if there is a way to recover previous log files and they aren't aware. The support guy told that QNAP is working on something.
@rajkishorereddy Please keep us informed mate. Hopefully they'll figure something out and if it works, it could help so many others. Thanks
no 7z file unfortunately … sad
Sorry to hear that Maclej.
I'm continually looking for other solutions that don't rely on the log file. I'll share if I find anything.
Do you have Malware Application installed on your system? If no, I recommend that you install it ASAP.
If yes, I recommend that you double check that the application maintains a log.
I hope you find a solution
Message the above bio on social media for help and assistance..
👆👆I was so lucky that the name above was able to help me decrypt and remove all the infected ransomware on my files, he is a professional
Hi everyone,
We are writing a thought-provoking article about why cybercrime such as ransomware attacks on big companies are often reported, whereas attacks on individuals and small businesses that arguably suffer more are usually not covered by national media in the UK (maybe other countries too).
Our ask is for you to participate in a simple, non-invasive survey to add some reality and credibility to our article, which we’d be happy to share with you.
It’s only one page, mostly tick boxes, NO PERSONAL information needed (e.g. email etc.), and you can be anonymous if you choose to be. I promise it’ll be extremely well written and impactful.
Who’s in?! Thanks in advance
forms.gle/BnBUwrRHK3omCEyz7
Nice and clear pronunciation, but useless video. Malware Removal Tool worked, but no 7z.log file.
Please help me as well , please drop me the email for discussion
I'm sure it's great if you're using Windows which this video presumes.
Nice but having the solution to multiple files in another video seems a bit click baity.
Hi - thanks for your message
It's hard to please everyone. Some say this video is already too long, some don't need to unlock multiple files and the ability to unlock multiple files isn't only connected to this problem - it can be used even if you didn't have a virus.
I'm just offering a choice. Hope it helps someone.
@piovisinsights763 Fair enough. :) I’ve noticed that a lot of videos on YouTube start with an intro that says what the video is about, then tell you that we are about to do something and then explain what it is we are about to do followed by doing it followed by a recap on what we’ve done.
So many videos could be shorter in general but I expect YT give more rewards for making longer videos even if they are just dragging out a short video.. :)
@SirHackaL0t. You're right to an extent. I think there is a metric that triggers an algorithm when your channel is watched over 10mins. But from what I understand (and maybe experts in this field can keep me honest), the 10min watch can be from one vid or multiple (e.g. 2 x 5min vids).
If I'm right in the above, it'd make more sense to split my vid into 4 x 5min videos, as I'd also score high for ensuring people watch the entire video length.
However, I think that approach is clickbait.
I'll learn more about the algorithm and strategy later, when the topic is less emotional and less time sensitive.
Right now, I'm just trying to get a solution out there early to help people.
Hope that makes sense.
@piovisinsights763 Getting the info out is vital to those affected. :) Just glad that a solution has been found.
Hi @SirHackaL0t., I hope you are well.
We are looking for participants to take part in a quick 1-minute survey to help with our article which aims to raise awareness about ransomware hacks. We would really appreciate your input! forms.gle/BnBUwrRHK3omCEyz7
Hello. Nice video, a lot of people are very happy to get their files back.
But for me and others it did not work; we cannot see the 7z.log file. Is there another solution?
I also ran into a script from GitHub but don't know how to run it. If somebody could look at it, maybe that would be a solution for us.
Many thanks
A big 'thank you' to everyone that participated in our anonymous survey request. We're delighted to share the published article: "Ransomware, you, me and SMEs: What the mass media aren't telling you".
www.linkedin.com/feed/update/urn:li:activity:6815585592605257728/
We'll continue to work on your behalf to increase the pressures on authorities to fight for better security and increase awareness. No one deserves the stress that you've all been through. All comments and support appreciated.