This malware attacks NASes, WD cloud storage systems, etc. I think we’ve spoken about this on forums recently.
How 0xxx Ransomware infected your computer
Ransomware infections are usually quite sneaky, which makes them proliferate systems without users’ consent. The most abused distribution channels are deemed to be trojans, malicious spam letters, hijacked RDP configuration, backdoors, keyloggers, untrustworthy downloads, and other suspicious content that may deliver infections. Malicious spam is a popular way of distributing malware via legitimate-looking attachments. Cybercriminals tend to disguise their messages as delivery companies that send updated information about your parcel. They can attach a malicious link leading to fake applications meant to track down your parcel. Sometimes they choose to attach MS Office documents, PDFs, executable, or JavaScript files reconfigured for storing malware, instead. Trojan is a type of program that may be hidden inside of fake software updaters or installers claiming to fix various problems. Instead of doing so, the installer will simply transform into a trojan, which will deliver other infections into the mix. Whatever the distribution method is, most of them capitalize on inattentive and inexperienced users that download dubious content without caution. Our guide below will help you get more educated on how to be protected against such threats in the future.
You’ll need to think back to what you’ve been doing recently.
I hope you have a back-up of all your music and whatever files you have on your computer, as you won’t be getting them back. Don’t pay for it either; eventually we will get Decryption Keys…
mjw
(Here I am with a brain the size of a planet and they ask me to pick up a piece of paper. Call that job satisfaction? I don't.)
Has MGX disappeared or has he possibly been hacked again? I’ve noticed there’s not much detailed interaction with other members.
mjw
(Here I am with a brain the size of a planet and they ask me to pick up a piece of paper. Call that job satisfaction? I don't.)
This happened to me a few years back on my QNAP NAS. Recovery was easy, I just reset the NAS and restored a backup.
Main thing to do regarding prevention is to ensure you have no user access called ‘admin’. Create a new user account on all your stuff, router, Rock, NAS, PC, etc and delete any called Admin.
Use firewalls and antivirus software and it should not happen again. Keep a recent backup and you won’t need to pay them.
Am I getting paranoid, or does this original post, and subsequent post, sound fishy? As in trying to get information from users of ROON about their various setups.
QNAP now gives you repeated alerts if your default user name of ‘admin’ is still enabled. You have to create a new admin username and disable the ‘admin’ username to stop the alerts.
I have read this topic myself and although I have no issues, how do I ensure that remains the case? I’ve just added a port forwarding rule to my router to access Roon via ARC whilst at family; thinking of removing ARC if it’s going to cause things like this for people.
Quite worrying reading it. My ROCK is on a NUC which is connected to the router; I use an Apple iPhone for remote.
Do these crooks need to get access to your router settings to access the ROCK, i.e. by knowing the router login password? When I installed the port forwarding rule it told me in Roon what to set, so I just did that as it didn’t know it automatically.
The most likely cause of the OP becoming infected with software that has hijacked his music (note, I did not and will not call it hacked) on his drive is by doing something risky like clicking on an email attachment from a Windows PC. These are opportunistic attempts to prey on people that are not cautious and have not kept up on endpoint security definitions. The method of infection is very unlikely to be through any kind of port that has been opened to support Roon Arc.
Apologies for seeming a little naive (although I am in truth) regarding these endpoint security definitions. I am running RoPieee as endpoint; is this security definition relevant to using one of those, although I’ve kept it updated? Thanks for any advice.
I’m talking about Windows anti-virus, anti-malware and similar software. The chances of Roon or RoPieee having any part in the OP’s music getting hijacked are about as close to zero as you can get. It’s much more likely that he clicked on a link in an email while he had a mapped drive to the music folder and installed the software himself.
Thanks for that, I’ll rest easier now. I have been reading how to change admin sign in name on routers (after reading further above) but apparently that’s not possible!!
It doesn’t matter what security precautions you take, there’s always a chance some scum bag will get through. The best security you can have is good quality offline backups. All other precautions only decrease the likelihood you’ll get caught out. However, once you’ve been hacked it’s important to work out how it occurred and make sure your clients etc aren’t infected any longer.
I run my data on a NAS, all clients access the data as read only. I’m not entirely sure but I think Roon allowed me to connect as read only and the database is stored on a local SSD, not the music data storage location. I back up regularly.
The name of the administrator account on a device isn’t the issue. It’s the strength of the password used.
Most people will reuse the same weak password across devices (and websites). Doing this on an account not named “admin” is just security through obscurity.
The better advice is to use a password manager and a strong, unique password for every device (or website login). Also, use 2FA whenever possible.