Recommended Posts

It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with to this site here:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like  one of our experts to review them.

Share this post


Link to post
Share on other sites

I have a feeling this may not actually be Nemucod. I'll ask our malware analysts, and see what they say.

Share this post


Link to post
Share on other sites

What exactly was encrypted? Your personal files? Or data on a website?

Share this post


Link to post
Share on other sites

OK, then it was either a Linux ransomware, or someone gained access to the NAS and was able to encrypt files remotely.

I take it you don't have another backup of the files?

Share this post


Link to post
Share on other sites

Yes I think someone has encrypt these files remotely. 

Every pc who has an acces to the nas in my network, have I checked. No Ransomware was found. 

Unfornatuelly there is no backup of these files. The backups are also crypted. 

If you need, i have a crypted file and the same file unencrypted if that could help. 

Share this post


Link to post
Share on other sites
On 3/13/2019 at 10:55 AM, haggard said:

I've done this. 
The Tool tell me it is Nemucod, but with the decrypter for Nemucod I 've no chance to decrypt the files. 
Link: 
https://id-ransomware.malwarehunterteam.com/identify.php?case=2e31923342c6ba65772e39f179af1919b2bbc314

The link to your IDR results  indicates you only submitted a sample of an encrypted file with the .crypted extension which is very generic and used by several different ransomwares to include Yoshikada Decryptor (GlobeImposter variant), Nemucod, and MegaLocker. 

Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections. Submitting any contact email addresses or hyperlinks provided by the criminals may also be helpful with identification.

Share this post


Link to post
Share on other sites

As IDR indicates...currently there is not enough information about MegaLocker. I am not aware of any method to decrypt files encrypted by this ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. For now you can opt-in with IDR to be emailed if any further developments are made for this particular ransomware by clicking the link under Please check back later.

In cases where there is no free decryption tool, restoring from back up is not a viable option and file recovery software does not work, the only other alternative to paying the ransom (if you can even reach the criminals to pay) is to backup/save your encrypted data as is and wait for a possible solution...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.  

 

Share this post


Link to post
Share on other sites

Unfortunately we can't know anything more about this ransomware without a copy of whatever was used to encrypt the files.

Note that it's possible the NAS was compromised in some way in order to facilitate encryption of the files, and if this is the case then it might not be safe to store any new files on it. If possible, back up all of the encrypted files, reset the settings for the NAS back to defaults, install the latest firmware update for the NAS, and then reset all settings to default again. After that you can reconfigure it and copy your encrypted files back to it if necessary.

Important: In order to prevent issues like this in the future, the NAS cannot be accessible from the Internet.

Share this post


Link to post
Share on other sites

Hi !

Some how i got this misery on my mediaserver/computer as well (Thank good i have a safe copy of all my 185Gb of pictures and videoiclips).

All other 13Tb of music and movies i decrypted... :(

Runing Windows 10 Pro with all windows defender/security enabled and showing no signs of infection what so ever, not even a offline scan showd any sign ???

https://id-ransomware.malwarehunterteam.com/identify.php?case=ce812b2a70aa9060c255c958f53d0154d1cbbac7

 

The page above said "this ransomware is still under analysis", scrolling down a bit it says "Nemucode" in a bright green window with the text "This Ransomware is decryptable".

 

But after reading your post @GT500 you say its not ?

 

And thanks for trying to help and prevent all us novise internetuser arround the world ! ;)

 

/Great Regards

Morgan O.

 

 

Share this post


Link to post
Share on other sites

ID Ransomware will provide different results according to what is submitted.  Submitting an encrypted file with a common extension used by other ransomware usually results in a false positive. That is why as I noted above,  it is important to submit both encrypted files and ransom notes together as well as any contact email addresses or hyperlinks provided by the criminals. The more information, the more accurate the results.

Share this post


Link to post
Share on other sites
On 3/16/2019 at 11:55 PM, Mr_Ohrberg said:

But after reading your post @GT500 you say its not ?

The Nemucod detection us based entirely on the file extension .crypted, which is not accurate. The MegaLocker detection is based on the name of the ransom note and an e-mail address found in the ransom note, and is more than likely the more accurate detection (especially if the ransom note says its "MegaLocker").

 

On 3/17/2019 at 8:00 AM, lukas88 said:

Would it help to provide some original together with its encrypted counterparts?

At this point what our malware analysts need is a copy of the malicious program that encrypted your files. Without that, we don't have any way to know how the files were encrypted, and we won't be able to figure out if it's possible to decrypt them.

Share this post


Link to post
Share on other sites

Me too! The same as Haggard; everything on my NAS is now .crypted. Also, the Nemucod can't determine the key.

Would it help to have my ransom letter as well as a copy of an encrypted and original file?

Thank you in advance for any help or assistance that you can provide!!

Share this post


Link to post
Share on other sites

My Synology NAS is affected too. I have no idea where the malware came from.

I have now shut down my system to prevent future damage. My /home directory isn't affected.

Where do I have to look for the binary? And how can I search the filesystem without to worry about the ransomware encrypting more files?

Thank you in advance for future help.

Share this post


Link to post
Share on other sites
5 hours ago, steveassens said:

Me too! The same as Haggard; everything on my NAS is now .crypted. Also, the Nemucod can't determine the key.

The odds of this being related to Nemucod are extremely low. We're fairly certain this MegaLocker ransomware is something new, and it appears to be targeting anything running vulnerable versions of web server software like PHP.

Basically, since a NAS like the ones effected usually run old versions of the web server software that handles processing their web interface that you log into in your web browser, if they're exposed to the Internet at all then they'll more than likely be found and compromised eventually.

At the moment there's nothing we can do, as we don't have a copy of the ransomware to analyze, so we don't yet know how it's encryption works.

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

The odds of this being related to Nemucod are extremely low. We're fairly certain this MegaLocker ransomware is something new, and it appears to be targeting anything running vulnerable versions of web server software like PHP.

Basically, since a NAS like the ones effected usually run old versions of the web server software that handles processing their web interface that you log into in your web browser, if they're exposed to the Internet at all then they'll more than likely be found and compromised eventually.

At the moment there's nothing we can do, as we don't have a copy of the ransomware to analyze, so we don't yet know how it's encryption works.

So the virus can infect from distance and the virus dont have to be localy on my computer ?

 

My guess is that my system was infected through my FTP server "FileZila" with the servers internal IP set to DMZ in my router, if thats even possible ?

This is because no files at all on my servers OS ( 😄 )disk is infected, not a single one! Just files i was sharing through my FTP (To family users only).

No mails are opend or read on this computer

 

 

In want to help in any way i can, so please tell me if i can and how more then provide the files i allread uploaded a few days ago.

 

 

/Great Regards

Morgan O.

 

 

Share this post


Link to post
Share on other sites
22 hours ago, Mr_Ohrberg said:

So the virus can infect from distance and the virus dont have to be localy on my computer ?

We don't know for certain yet. It's possible that it may have been done remotely, however if that was the case then undelete software almost certainly would be able to recover some of the files. It's also possible that the ransomware was copied to the effected system, and somehow executed (in theory using PHP vulnerabilities, however that's only an assumption at this point).

 

22 hours ago, Mr_Ohrberg said:

My guess is that my system was infected through my FTP server "FileZila" with the servers internal IP set to DMZ in my router, if thats even possible ?

That's entirely possible. Especially since DMZ exposes all ports on the system to the Internet, rather than just the ones you need remote access to.

My recommendation is to open only the ports you need, and only open them for IP addresses that need access. If you open a port globally (for all remote addresses) then automated scripts will find them, log them, and even eventually someone will initiate an attack against them.

 

22 hours ago, Mr_Ohrberg said:

This is because no files at all on my servers OS ( 😄 )disk is infected, not a single one! Just files i was sharing through my FTP (To family users only).

No mails are opend or read on this computer

 

In want to help in any way i can, so please tell me if i can and how more then provide the files i allread uploaded a few days ago.

Based on this, I'd say the attacker probably brute forced the password for your FTP server and then ran a script that downloaded your files, encrypted them, deleted them from the FTP server, and then uploaded the encrypted files in their place. If this is a Windows system with an NTFS filesystem, then file recovery software will almost certainly be able to get your files back. It might be possible on some Linux systems as well, depending on what filesystem was used.

Share this post


Link to post
Share on other sites

Thanks for trying to enlight me on what might have happend and how it might have been done.  :)

 

DMZ is now turned off!

Just in case of the visrusscann i did was flawd in any way, i re-installed Windows 10 PRO that is running my server.

All Harddrives (4x4Tb + 128Gb Primary Disk C:)  are NTFS.

I realy hope it wasent a mistake to re-install windows for the sake of trying to recover the files ??

 

Can you recommend any software for a try of recovering my files, 10-25 USD is affordable. 

 

Thanks again @GT500 for the time u spend to inform me/us :)

 

/Great Regards

Morgan O.

Share this post


Link to post
Share on other sites
18 hours ago, Mr_Ohrberg said:

I realy hope it wasent a mistake to re-install windows for the sake of trying to recover the files ??

A reinstall of Windows can complicate recovery of files, and may even make it impossible to recover some files. It just depends on what was overwritten when reinstalling Windows.

 

18 hours ago, Mr_Ohrberg said:

Can you recommend any software for a try of recovering my files, 10-25 USD is affordable. 

There are a number of free and paid recover softwares listed on Wikipedia at the following link:
https://en.wikipedia.org/wiki/Data_recovery#List_of_data_recovery_software

I don't have experience with most of them, and have not needed to use software like this in many years, however I am familiar with the following names:

  • BartPE - Discontinued software for building bootable Windows PE disks using files from Windows 2000, Windows XP, and Windows Server 2003 installation disks. BartPE is no longer recommended.
  • KNOPPIX - Classic Linux LiveCD intended for data recovery. I have not used it in over a decade, and there are newer versions I am not familiar with, so I can't say what tools they come with.
  • Windows Preinstallation Environment (WinPE) -  A bootable Windows environment intended to be run from a CD or DVD. This doesn't come with data recovery software by default, and I would believe it still boots to a Command Prompt with no other means of interacting with it.
  • Recuva - Freeware file recovery software made by Piriform (the company that makes CCleaner, and was bought out by Avast a few years ago). This is a popular option due to the free price tag, however I am not familiar enough with it to know how effective it is.

Note that the ones I mentioned may not necessarily be better or worse than other options listed on Wikipedia. Most appear to be commercial offerings, and some can cost a lot of money, however there may be some other freeware tools buried in Wikipedia's list.

  • [email protected] File Recovery - This doesn't appear to be listed on Wikipedia, but is worth mention anyway. Most of my experience with this company's products revolves around other tools they make, and it's been a long time since I've tried their software, however this should be as good as anything else.

Share this post


Link to post
Share on other sites

I have a good data recovery experience. I would not use such programs.

Any free data recovery tools and free versions of such programs can be effective, only if you yourself have deleted the files to the Trash and cleared it.
If the disk space that files occupied before encryption was overwritten and / or erased with zeros or garbage, as modern crypto-ransomware do, then even paid versions will not help. 

Can be recover data after any attack, and even minor damage to the disk space. But this requires a hardware and software complex. This method is time consuming, expensive and hardly a simple PC user will go for it, if only he is a not millionaire.

I assume that files after MegaLocker Ransomware can be decrypted. While the work of this Rw is not sufficiently investigated. There are all a few requestы in public forums.

 

Share this post


Link to post
Share on other sites
On 3/23/2019 at 6:55 AM, Amigo-A said:

If the disk space that files occupied before encryption was overwritten and / or erased with zeros or garbage, as modern crypto-ransomware do, then even paid versions will not help.

It's possible that the files were not overwritten, as this appears to be a case of FTP server compromise as opposed to a case of the ransomware being executed on the effected system. I can't say that's true for every instance of MegaLocker, however that does appear to be the case for Mr_Ohrberg.

 

On 3/23/2019 at 6:55 AM, Amigo-A said:

I assume that files after MegaLocker Ransomware can be decrypted.

That's entirely possible, however it's difficult to say until we have more information.

Share this post


Link to post
Share on other sites
On 3/22/2019 at 10:14 PM, GT500 said:

A reinstall of Windows can complicate recovery of files, and may even make it impossible to recover some files. It just depends on what was overwritten when reinstalling Windows.

 

There are a number of free and paid recover softwares listed on Wikipedia at the following link:
https://en.wikipedia.org/wiki/Data_recovery#List_of_data_recovery_software

I don't have experience with most of them, and have not needed to use software like this in many years, however I am familiar with the following names:

  • BartPE - Discontinued software for building bootable Windows PE disks using files from Windows 2000, Windows XP, and Windows Server 2003 installation disks. BartPE is no longer recommended.
  • KNOPPIX - Classic Linux LiveCD intended for data recovery. I have not used it in over a decade, and there are newer versions I am not familiar with, so I can't say what tools they come with.
  • Windows Preinstallation Environment (WinPE) -  A bootable Windows environment intended to be run from a CD or DVD. This doesn't come with data recovery software by default, and I would believe it still boots to a Command Prompt with no other means of interacting with it.
  • Recuva - Freeware file recovery software made by Piriform (the company that makes CCleaner, and was bought out by Avast a few years ago). This is a popular option due to the free price tag, however I am not familiar enough with it to know how effective it is.

Note that the ones I mentioned may not necessarily be better or worse than other options listed on Wikipedia. Most appear to be commercial offerings, and some can cost a lot of money, however there may be some other freeware tools buried in Wikipedia's list.

  • [email protected] File Recovery - This doesn't appear to be listed on Wikipedia, but is worth mention anyway. Most of my experience with this company's products revolves around other tools they make, and it's been a long time since I've tried their software, however this should be as good as anything else.

 

Hi !

Had to go away for a few days, so sorry for a late reply.

And thanks again for a verry informative post. :)

Windows is and was installed on a separat disk ( 😄 ) where no files are stored, all files that was crypted are at 😧 E: F: and G: so no files where overwritten i guess.

 

I will give one of the Recovery apps a go later this wekk end hoping for the best if its any idea att all after reading Amigo-A´s input ?

 

Thanks again.

 

/Great Regards

Morgan O.

 

 

Share this post


Link to post
Share on other sites

 

Quote

I will give one of the Recovery apps 

Before attempting to restore files you need to remember important conditions for data recovery:
- the program, that will restore the data, must be on another disk;
- the disk, on which the program will run, should have a lot of free space;
- the disk, from which you want to recover data, must be connected to the PC as second;
- the PC, that data recovery, will work for many hours without shutting down.

Share this post


Link to post
Share on other sites
21 hours ago, Mr_Ohrberg said:

I will give one of the Recovery apps a go later this wekk end hoping for the best if its any idea att all after reading Amigo-A´s input ?

He was thinking that the computer was actually infected with ransomware, in which case most ransomware will leave files unrecoverable. If you're right and it was just your FTP server that was compromised, and no malicious code was actually executed on your computer, then in theory the files should be there and merely have been deleted.

His advice isn't incorrect, he just misunderstood the circumstances. ;)

Share this post


Link to post
Share on other sites
On 3/31/2019 at 10:46 AM, Amigo-A said:

 

Before attempting to restore files you need to remember important conditions for data recovery:
- the program, that will restore the data, must be on another disk;
- the disk, on which the program will run, should have a lot of free space;
- the disk, from which you want to recover data, must be connected to the PC as second;
- the PC, that data recovery, will work for many hours without shutting down.

Yep, the restore app will be installed on the newly re-installed windows disk.

I bought a new disk to use just for this, so i will do it like this...

Recover from d:  to new disk and when thats done ill format d: after that i recover from e: to d: and so on. :)

 

/Great Regards

Morgan O.

Share this post


Link to post
Share on other sites
On 3/31/2019 at 10:02 PM, GT500 said:

He was thinking that the computer was actually infected with ransomware, in which case most ransomware will leave files unrecoverable. If you're right and it was just your FTP server that was compromised, and no malicious code was actually executed on your computer, then in theory the files should be there and merely have been deleted.

His advice isn't incorrect, he just misunderstood the circumstances. ;)

Sounds like GREAT news to me.

So ill hope for the best since i cant be 100% certain it was just an FTP breach.

But the facts pointing to it since only files in FTP shared folders was crypted, virus scans could find no infected or crypted files on any other computers in my private network at all.

 

 

/Great Regards

Morgan O.

Share this post


Link to post
Share on other sites
12 hours ago, Mr_Ohrberg said:

So ill hope for the best since i cant be 100% certain it was just an FTP breach.

But the facts pointing to it since only files in FTP shared folders was crypted, virus scans could find no infected or crypted files on any other computers in my private network at all.

OK. Let us know if you're able to recover anything, that way we know whether or not to continue recommending trying file recovery software.

  • Upvote 1

Share this post


Link to post
Share on other sites

Got infected too, on a Synology NAS. what a desaster!

However, not on all shares of the system were infected. Some shares were more protected, so I belive the criminals could not read/write all files on the NAS.

The encrypted files have the extention ".nampohyu" - which to information I found also is "MegaLocker" Ransomware. It also is referred to NamPoHyu.

in each encrypted directory I find a file called "!DECRYPT_INSTRUCTION.TXT"

In this file it is said that the encryption is done by an AES - 128 CBC algorithm, which - if this is true - could be helpful information. Furthermore the files provides an unique ID which has a format of a 16 byte hexadecimal string. Could this been related to the key required?

Anyway I have some few pdf -files which were encryped but from which I also have the originals. May be bruteforce could help to indentify?

And as the name of the extention is different is this another subject - or - because this is MegaLocker too, it belongs to the same thread, and I have posted my comments correctly?

Share this post


Link to post
Share on other sites

Description  MegaLocker Ransomware 

Albert-S

Your information corresponds to the description + March 8, 2019 update with extension .nampohyu
Can you add anything?

For example, about what preceded the attack, was the download of suspicious files, the reloading of lan-hardware. 

 

Share this post


Link to post
Share on other sites

Hello there, 

i am new here and have the same problem. The "Megalocker" Ransomware on my MyCloud NAS.

So all my important data are .crypted. I am looking forward to a solution :)

 

best regards, 

borstibo

Share this post


Link to post
Share on other sites

@Albert-S and @borstibo there is a possibility that if you remove the drives from the effected NAS, and connect them to a computer that is capable of reading them (if they are formatted with either that FAT32 or NTFS filesystems then Windows computers should be able to read them), that you may be able to use file recovery/undelete software to recover some of the files.

Please note that this is based on an assumption, and may not be correct. The assumption is that the device is not actually infected, and that an attacker was able to gain access through a service on the NAS such as FTP or SMB, copy the files to their system, encrypt them, and then copy them back to the NAS. There's also the possibility that the files may simply have been renamed rather than being encrypted.

If you want more information about the possibility of using file recovery software, then look over some of the messages that I and Amigo-A posted for Mr_Ohrberg further up in this topic.

  • Like 1

Share this post


Link to post
Share on other sites

Oh, and perhaps the most important thing, make sure your NAS is no longer exposed to the Internet. Unfortunately they're not secure, and if you need access to it over the Internet then be sure to use a VPN with a secure password. Also, consider only opening the port for the VPN for specific IP's that need access.

Share this post


Link to post
Share on other sites
On 4/15/2019 at 10:54 AM, Amigo-A said:

For example, about what preceded the attack, was the download of suspicious files, the reloading of lan-hardware. 

 

Hello,

I have been attacked by the same virus than Albert-S .
Nampohyu on a Synology NAS.
It has affected only files accessible through Cloud Station, a proprietary cloud system.

And because it has been done when I was away from home but with my computer powered on, all replicas of the files on the PC are infected too!

@Amigo-AI can send you a example file infected, if needed.
For the moment, I didn't touch at the files, I've powered down the NAS and saved all the files, even those infected.

Is there a chance to have a decryptor for this virus variant?
Thanks for your help

Philippe

Share this post


Link to post
Share on other sites

Thank you all for your considerations. What I noticed is, that on the attached PC's there seem to be no infection. I have scanned all desktops with different virus scanners.

What I further noticed is that file-size of the encrypted file is exactly the same with the original file size. And, as a suggested by GT500 I did check on the extension removal. I'm afraid that does not help. So this makes me believe that AES128-CBC is not the encryptor used, because otherwise I would find some block size filler. Or the encryptor just reduces the size of the last block.

There is more interesting that I found: On March 24 th several executables (20 in total) on the targeted share of the NAS has been changed, all done within 10 minutes. Furthermore the virus scanner identified these files as infected. I submitted on Sunday evening a file called SecureLOCK.e_e a renamed exe-file, as well as I submitted some encrypted files in a prior mail.

Furthermore, I was surprised by the speed of the encryption: Although the hardware is quite old, the within 2 hours time 350 GB (0,35 TB) has been encrypted. So the encryption process cannot be very complicated and it is very efficient. And to my knowledge during most of the time the encryption was done, none of the PC's were on. So I assume it was a process running on the NAS itself. But at the time the encryption started it could be that I triggered the process by executing one of the infected files mentioned above. I also noted that very rarely some files were skipped, the skipped files have generally a small files size.

The encryption time was very fast. Especially when I compare it to the endless hours it takes to back-up all the encrypted an remaining unencrypted files on anther device.

 

 

 

Share this post


Link to post
Share on other sites

There is something more interesting on the encrypted files: The encryption speed seems to depend on the number of files; not on the size of the file. A very large file is ‘encrypted’ with the same speed a very small file. On average I calculated a speed of about 13 files a second.

More analyzing shows to my first impression that only the first 64kB of each file is encrypted. This does however not mean that smaller files cannot be encrypted as well. What I further think is that encryption is done in blocks of 128 bit and when the filesize does not match the remaining few bytes are left as is, keeping the filesize unchanged

  • Upvote 1

Share this post


Link to post
Share on other sites
Quote

I can send you an example file infected, if needed.


pmarty
Yes. Send me  such files for comparison.

Share this post


Link to post
Share on other sites
vor 19 Stunden schrieb GT500:

@Albert-S and @borstibo there is a possibility that if you remove the drives from the effected NAS, and connect them to a computer that is capable of reading them (if they are formatted with either that FAT32 or NTFS filesystems then Windows computers should be able to read them), that you may be able to use file recovery/undelete software to recover some of the files.

Please note that this is based on an assumption, and may not be correct. The assumption is that the device is not actually infected, and that an attacker was able to gain access through a service on the NAS such as FTP or SMB, copy the files to their system, encrypt them, and then copy them back to the NAS. There's also the possibility that the files may simply have been renamed rather than being encrypted.

If you want more information about the possibility of using file recovery software, then look over some of the messages that I and Amigo-A posted for Mr_Ohrberg further up in this topic.

i try to use a recovery software.

Maybe i have an answer tomorrow. 

 

vor 19 Stunden schrieb GT500:

Oh, and perhaps the most important thing, make sure your NAS is no longer exposed to the Internet. Unfortunately they're not secure, and if you need access to it over the Internet then be sure to use a VPN with a secure password. Also, consider only opening the port for the VPN for specific IP's that need access.

This was the first i have done after discover the malware. No more internet to my NAS. 

Share this post


Link to post
Share on other sites
6 hours ago, Albert-S said:

More analyzing shows to my first impression that only the first 64kB of each file is encrypted.

Some ransomware will only encrypt a small portion of the beginning of each file. This allows the encryption process to go much more quickly, and if done by a program executed directly on the effected system/device it prevents the usage of file recovery software (as the data in the file is overwritten rather than creating a copy of the file and then needing to securely erase it).

The issue is that it is difficult to know for certain what kind of encryption was used on the files without being able to look at the program that is encrypting them.

Share this post


Link to post
Share on other sites

pmarty

I can not download attachments here.
Better send it to www.sendspace.com or my email (PM)

Share this post


Link to post
Share on other sites

Hi,

It is a plague. All my personal photos, my data were encrypted by NamPoHyu ransomware on my NAS synology. All the best moments of my loved ones are gone :(
The action was probably carried out by a remote attack (FTP, samba?). Only the shared disks were touched on the NAS. Not the PCs of the network.

 

On the login system log file of the NAS, I saw the external connections for the 2 days of ransomware activities (all my encrypted file's date are 2019-04-13 and 2019-04-14). Nothing since.

https://www.sendspace.com/file/eoyg0u

Share this post


Link to post
Share on other sites

Yes, I suffered exactly the same type of attack at the same date...

Here is an interesting article about this nampohyu virus: https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/

I don't know if virus can spread itself? Or if it is a distant attack using an accessible door on the NAS, without letting virus on the NAS?
Does someone have an answer to this question?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.