choose the /dev/mapper/cachedev1 disk (it should be the disk from step 8)ġ2. At me it was '/dev/mapper/cachedev1' (You can use df -h for it) and note it Filesystem Size Used Available Use% Mounted on Untar testdisk, go to the directory and change the permissions of the executable tar -xvf 2Ĩ. look for your architecture (uname -a) for i386 or x86_64 Linux NAS-XXXX 4.14.24-qnap #1 SMP Tue Mar 2 06:10: x86_64 GNU/LinuxĦ. Sudo mount -t cifs -o user= /// /mnt/rescue-shareĥ. Connect to your samba share: mkdir /mnt/rescue-share (Confirm it with 'Y') You should get a shell.Ĥ. After Login you get an screen with some option. You should use ypur admin credentials to login.ģ. Login over SSH (Putty on Widows) on your NAS. You should use your Windows Account with a password (if your account haven't one, create it. You need to have access the ssh terminal of your QNAP NAS (you can activate it over the GUI it doesn't change your data)Ĭreate a samba share on your windows computer (yes it should be work on linux or macOS but I didn't tried it) The files are deleted after archiving and encrypting with 7z and exists in the not allocated space of your disk. MAKE SURE THE NAS IS NOT AVAILABLE IN THE INTERNET, DELETE ALL EXPOSED HOST RULES ON YOUR ROUTER
Write up copied from here: and pasted below.ĮDIT: I have reworded this writeup in the commentsĮDIT 2: A video detailing this method has been shared hereįIRST: NO WRITING/CHANGE/DELETE/CRTEATE FILES AFTER ENCRYPTION ATTACK This works even if you have restarted your nas since the attack The crux is that your unencrypted files are marked for deletion and may be recoverable if you act soon. It's inconvenient and will require a lot of manual organising once the files are recovered, but it's working for me. Haven't seen this posted yet and it might really help if you don't have recent backups or whatever. EDIT 26/MAY QNAP themselves have released a solution that makes this process so much easier.
0 kommentar(er)
