There is certainly enough knowledge in this thread to help.
I dont see the point in commenting further unless more information is provided.
Burying your head in the sand and starting over wont stop this happening again.
2 Likes
You need to get proper support as to locate the source of the intrusion to begin with as if this is your 2nd time somethings off. It’s highly unlikely to have been via Rock and more than likely a pc or Nas on your network from a dodgy link or email and it’s residing on them. If you don’t clear it it likely to reoccur. Paying up isn’t going to stop it if the the actual software it’s implanted is still active on your network.
Does Roon no longer play your files? Or is it just lock it out access from a pc?
2 Likes
This malware attacks NAS’s, WD cloud storage systems, etc. I think we’ve spoken about this on forums recently.
How 0xxx Ransomware infected your computer
Ransomware infections are usually quite sneaky, which makes them proliferate systems without users’ consent. The most abused distribution channels are deemed to be trojans, malicious spam letters, hijacked RDP configuration, backdoors, keyloggers, untrustworthy downloads, and other suspicious content that may deliver infections. Malicious spam is a popular way of distributing malware via legitimate-looking attachments. Cybercriminals tend to disguise their messages as delivery companies that send updated information about your parcel. They can attach a malicious link leading to fake applications meant to track down your parcel. Sometimes they choose to attach MS Office documents, PDFs, executable, or Javascript files reconfigured for storing malware, instead. Trojan is a type of program that may be hidden inside of fake software updaters or installers claiming to fix various problems. Instead of doing so, the installer will simply transform into a trojan, which will deliver other infections into the mix. Whatever the distribution method is, most of them capitalize on unattentive and inexperienced users that download dubious content without caution. Our guide below will help you get more educated on how to be protected against such threats in the future.
You’ll need to think back to what you’ve been doing recently.
I hope you have a back-up of all your music and whatever files you have on your computer. As you won’t be getting them back. Don’t pay for it either, eventually we will get Decryption Keys…
1 Like
Has MGX disappeared or has he possibly been hacked again. I’ve noticed there’s not much detailed interaction with other members
This happened to me a few years back on my QNAP NAS. Recovery was easy, I just reset the NAS snd restored a backup.
Main thing to do regarding prevention is to ensure you have no user access called ‘admin’. Create a new user account on all your stuff, router, Rock, NAS, PC, etc and delete any called Admin.
Use firewalls and antivirus software and it should not happen again. Keep a recent backup and you won’t need to pay them.
Hope this helps.
2 Likes
Am I getting paranoid or does this original post, and subsequent post, sound fishy. As in trying to get information from users of ROON about the various set up.
2 Likes
My thoughts as well👍
He’s been a forum member since January 2016, of course there’s a chance that we could be reading posts from a compromised forum account.
QNAP now gives you repeated alerts if your default user name of ‘admin’ is still enabled. You have to create a new admin username and disable the ‘admin’ username to stop the alerts.
2 Likes
I have read this topic myself and although I have no issues how do I ensure that remains the case , I’ve just added a port forwarding rule to my router to access roon via arc whilst at family, thinking of removing arc of its going to cause things like this for people
Quite worrying reading it my rock is On a nuc which is connected to the router , I use Apple iPhone for remote .
Do these crooks need to get access to your router settings to access the rock ie by knowing the router login password ?, when I installed the port forwarding rule it told me in roon what to set so I just did that as it didn’t no it automatically?.
2 Likes
The most likely cause of the OP becoming infected with software that has hijacked his music (note, I did not and will not call it hacked) on his drive is by doing something risky like clicking on an email attachment from a Windows PC. These are opportunistic attempts to prey on people that are not cautious and have not kept up on endpoint security definitions. The method of infection is very unlikely to be through any kind of port that has been opened to support Roon Arc.
3 Likes
Apologies for seeming a little naive ( although I am in truth ) regarding these endpoint security definitions I am running ropieee as endpoint is this security definition relevant to using one of those although I’ve kept it updated. Thanks for any advice
I’m talking about Windows anti-virus, anti-malware and similar software. The chances of Roon or Ropieee having any part in the OPs music getting hijacked are about as close to zero as you can get. It’s much more likely that he clicked on a link in an email while he had a mapped drive to the music folder and installed the software himself.
4 Likes
Thanks for that I’ll rest easier now , I have been reading how to change admin sign in name on routers ( after reading further above ) but apparently that’s not possible !!
So I’ll just leave as is now I’ve read your posts
Is it a Western Digital?