Ransomware

Topics related to system security only
Wingle2Wangler
Posts: 2
Joined: 27 Feb 2024, 04:07

Ransomware

Post by Wingle2Wangler »

Sorry to start this again, but the thread I was reading and was going to comment on has been locked. Unfortunately I was hacked last night, and nearly all my files on one of the two drives in my F2-210 had been encrypted before, as a last resort after trying unsuccessfully to turn off the unit (no computer turned on but access lights on the F2-210 going mad), I pulled out both drives and the power cord. This was about 2 in the morning, so I left everything turned off until the next day. In the morning I gingerly put the drives back in, fired up the unit and turned on the computer; no rapidly flashing access lights, thank goodness. Looking at the directories I found I had 2 new txt files on one drive informing me that my files had been encrypted and that to get them back I needed to pay them an amount in bitcoin; the other file contained a reference number that I had to quote when making the payment. The other drive seemed to be totally unaffected, with all files still readable and no added txt files; perhaps that drive too would have been encrypted if I hadn't pulled the drives and cut power to the unit. But every file on the affected drive had gained an extra extender; knocking off the extender didn't make the files readable again, so it wasn't a bluff. I have everything backed up several times on other drives, so everything was replaceable, and as such I wiped the affected drive. What I would like to know, as I'm no techy, is: as I updated/reinstalled TOS on the unit, will that have eradicated any files that the perpetrators are likely to have placed on my F2-210 unit? I have unchecked the UPnP option on my router and blocked the F2-210 from connecting to the internet; all passwords have also been changed, along with the unit's IP address.
No computers were active at the time the access lights started flashing away rapidly (I thought at first it may be the unit simply optimising the drives, so didn't panic too much), so I think they obtained access straight through the router somehow, but as I say I'm not a techy so not sure. My main question, as I said earlier, is: as I've now reinstalled TOS, will any files they planted have been erased?
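
A read-only triage sketch for the symptoms described in the post above (an extra extension on every file of one drive, new .txt files beside them, the second drive untouched), useful for scoping damage before wiping or restoring. This is an added example, not part of the original posts and not TerraMaster tooling; the extension `exampleext`, the sample file names and the 50% threshold are constructed assumptions.

```python
import os
import tempfile
from collections import Counter

def extensions(name):
    """Dot-separated extensions of a file name, lowercased ('.profile' has none)."""
    parts = name.lower().split(".")
    return parts[1:] if parts[0] else parts[2:]

def triage(root, min_share=0.5):
    """Find an extension appended to most files under root, list the files that
    carry it, and list plain .txt files left beside them (candidate notes)."""
    seen, appended = [], Counter()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            exts = extensions(name)
            seen.append((os.path.join(dirpath, name), exts))
            if len(exts) >= 2:               # e.g. photo.jpg.<extra>
                appended[exts[-1]] += 1
    suspect = None
    if appended:
        ext, count = appended.most_common(1)[0]
        if count / len(seen) >= min_share:   # a few .tar.gz files do not count
            suspect = ext
    affected = sorted(p for p, e in seen if suspect and len(e) >= 2 and e[-1] == suspect)
    notes = sorted(p for p, e in seen if suspect and e == ["txt"])
    return {"suspect_ext": suspect, "affected": affected,
            "candidate_notes": notes, "total": len(seen)}

def build_sample(base):
    """Constructed sample: one renamed drive and one untouched drive."""
    layout = {
        "drive1": ["photo.jpg.exampleext", "tax.pdf.exampleext",
                   "film.mp4.exampleext", "EXAMPLE_NOTE.txt", "EXAMPLE_ID.txt"],
        "drive2": ["photo.jpg", "tax.pdf", "backup.tar.gz", "readme.txt"],
    }
    for drive, names in layout.items():
        os.makedirs(os.path.join(base, drive))
        for name in names:
            open(os.path.join(base, drive, name), "w").close()
    return os.path.join(base, "drive1"), os.path.join(base, "drive2")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for drive in build_sample(tmp):
            r = triage(drive)
            print(drive, r["suspect_ext"], len(r["affected"]), "of", r["total"],
                  [os.path.basename(n) for n in r["candidate_notes"]])
```

The script only lists file names and never opens or modifies files, so it can be run against a read-only mount of the drive.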
TMroy
TerraMaster Team
Posts: 2607
Joined: 10 Mar 2020, 14:04
China

Re: Ransomware

Post by TMroy »

I am so sorry to know your device was hit by ransomware!

Here are some of the most common reasons for being attacked:
Outdated system: If your system is not up to date with the latest security patches, it may be vulnerable to known vulnerabilities.
Weak passwords: If you use weak passwords, they can be easily guessed or cracked by attackers.
Exposed ports: If you have ports open to the internet that are not necessary, they can be exploited by attackers.

If you have reinstalled a fresh new system, then your device is safe now. Please follow the guidelines to optimize your device safety and avoid the same story happening again. viewtopic.php?f=6&t=2877
To contact our team, please send an email to the following addresses, remembering to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Wingle2Wangler
Posts: 2
Joined: 27 Feb 2024, 04:07

Re: Ransomware

Post by Wingle2Wangler »

Thank you for your reply. I have already taken most of the measures outlined in your linked post, so hopefully I'm pretty safe/safer now. I've had the unit running as my backup and media server for about 4 to 5 years now with no problems at all. A couple of days before the attack I installed Plex for the first time, and I am 100% sure that installing Plex is what allowed the attackers in. I'll not be installing any more of the Applications you offer in TNAS PC, that's for sure.