Zizuar
Aspirant
Jul 30, 2019
Solved

RN212 BotNet or Hacked Infection

So over the last 4 months I have had some rather unfortunate issues with my work and home network. Our office was hit with ransomware and infected with various other malware bloom issues when our net...
  • StephenB
    Aug 05, 2019

    Zizuar wrote:

    So over the last 4 months I have had some rather unfortunate issues with my work and home network. Our office was hit with ransomware and infected with various other malware bloom issues when our network admin tried to stop it.

    You'll need to expose it to your home network (or at least one PC) for a short time, so be sure that PC is backed up. You should install at least one antimalware software package on the PC that offers real-time protection. Perhaps turn off SMB file sharing, as that is likely the main vector for spreading the infection. Also, disconnect the router WAN port when you power up the NAS again. Turn off or disconnect everything but the PC before you turn on the NAS.

    After that you set a static IP address on the NAS, but deliberately misconfigure the gateway. That will prevent the NAS from reaching the internet. Also, disable all the file sharing protocols (SMB, AFP, NFS) - as the spread to other PCs might involve these protocols.

    Then set up USB backup jobs to back up the network shares, and tie those to the backup button.

    After that you can disconnect the NAS from the network, and turn everything back on again. Connect an NTFS formatted USB disk to the NAS that is large enough to hold all the files, and use the backup button to back them up. You should scan the files for malware on the PC with the real-time protection after they are backed up (disconnecting the PC from the network before connecting the drive).

    An alternative approach (though more expensive) is to purchase ReclaiMe RAID recovery software. If you are using XRAID or RAID-1, then connect one of the RN212 drives to a PC with a USB adapter/dock. If you are using JBOD or RAID-0 you'll need to connect both. The PC wouldn't recognize the disk formatting, so it is insulated from the malware. Then use ReclaiMe to copy the files off the data volume to a USB disk. You'd still need to have the PC backed up, with real-time malware protection installed, and disconnected from your network - since the data files you are extracting from the NAS drive might be infected.
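
Added example, not part of StephenB's post and not NETGEAR tooling: a check run from the one connected PC, after the file-sharing protocols are disabled, that confirms the NAS no longer accepts connections for SMB, AFP or NFS. The port list is the standard TCP ports for those protocols, and `192.168.1.50` is a placeholder for the static IP you assigned to the NAS.

```python
#!/usr/bin/env python3
"""Check from the PC that the NAS no longer accepts file-sharing connections."""
import socket
import sys

# Well-known TCP ports for the protocols named in the post (SMB, AFP, NFS).
SHARING_PORTS = {
    111: "NFS (rpcbind)",
    139: "SMB (NetBIOS session)",
    445: "SMB",
    548: "AFP",
    2049: "NFS",
}


def port_is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out or unreachable: the service is not reachable from here.
        return False


def open_sharing_ports(host, ports=SHARING_PORTS, timeout=2.0):
    """Return {port: service} for every sharing port still accepting connections."""
    return {port: name for port, name in sorted(ports.items())
            if port_is_open(host, port, timeout)}


if __name__ == "__main__":
    # Assumption: placeholder address; pass the NAS's static IP as the first argument.
    nas = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.50"
    still_open = open_sharing_ports(nas)
    for port, name in still_open.items():
        print(f"{nas}:{port} {name} is still accepting connections")
    if not still_open:
        print(f"{nas}: no file-sharing ports reachable")
    # Non-zero exit means a protocol is still enabled; fix that before the backup step.
    sys.exit(1 if still_open else 0)
```
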

