F2-221 Ransomware infected complete and clean reinstall

[IvanG]

Hi all

Need some support, unfortunately my NAS has been infected with some ransomware that has efectively encripted all my files. To be sincere I'm not sure how it happened but I have lost all files that I didn't have a backup for.

My problem is that I would like to reinstall TOS from scracth and completely clean to make sure that I get rid of the problem. I've already tried the reinstall process from the configuration but the problem persists and not sure about the process to completely format drives and fresh instalation.

Could you help me please?

[Hardfecx]

Do you have an USB Station for pluggin in external HDD's? If yes, plug them in and format them.
Then recreate your raid Pool.

[TMSupport]

{L_BUTTON_AT}IvanG

Hi! You can refer to the article for troubleshooting. viewtopic.php?f=81&t=1291&hilit=Virus

[IvanG]

Thanks for the replies, I've restored the device to factory settings removing disks, installing TOS from a downloaded image and disconnected it completly from internet closing all ports in my router.

Only emby server 8096 and access to 8181 TOS access where exposed. It started when I noticed a couple of processes with random names running in the NAS that were consuming between 40% and 60% of my CPU(probably mining cryptos). I did a restore to factory settings online and seemed to be resolved, but the bad guys didn't seem to like that and in the second attempt they started encripting it.

Not all my files, only zip, pdf, doc, jpg and so where encrypted. I'm monitoring it and for the moment seems that it is clean although I'm still suspicious about it.

By the way ClamAV was of no help. From the GUI seemed stuck forever doing nothing appart from consuming 100 of CPU adn 40% of memory and trying to launch it from console ended up in a error due to missing libraries. I would suggest that you provide a fix for this as I asume it is a usefull tool.

[Alex_1]

Hello.
I also have an infected terramaster with Ransomware, and have decided to format it. I have two disks in raid 0, but it has infected my access panel and I can't access to TOS OS. Can I connect each disk separately to my windows to format them, being in Raid?

Greetings.

[TMSupport]

I also have an infected terramaster with Ransomware, and have decided to format it. I have two disks in raid 0, but it has infected my access panel and I can't access to TOS OS. Can I connect each disk separately to my windows to format them, being in Raid?

You can format it. Or you can follow the article to remove the virus.