- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
ransom ware restoration
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ransom ware restoration
RN524X00 RUNNING FW: V6.6.1
PAID THE RANSOM BUT THIEF'S CHANGED USER ID AND PASSWORD AND I HAVE NO ACCESS TO GET TO THE DATA. I need help if Netgear can provide any work around for me to gain access to the data that is still on the NAS
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ransom ware restoration
@BBuzz wrote:
RN524X00 RUNNING FW: V6.6.1
PAID THE RANSOM BUT THIEF'S CHANGED USER ID AND PASSWORD AND I HAVE NO ACCESS TO GET TO THE DATA. I need help if Netgear can provide any work around for me to gain access to the data that is still on the NASu
No support from Netgear anymore.
One option is to do an OS-reinstall from the boot menu. That will reset the admin password back to password. Before you do that I suggest blocking internet access to the NAS from your router.
Another option is to get a 4-bay USB disk enclosure, and move the disks into the enclosure. Power down the NAS first, and label the disks by slot number as you remove them. Connect the USB enclosure to a Windows PC, and see if ReclaiMe (RAID recovery software) can find the files. You can download ReclaiMe for free to check this, but you'll need to purchase it in order to actually offload the data.
Either way, if the files are still encrypted you are out of luck.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ransom ware restoration
@StephenB wrote:
Either way, if the files are still encrypted you are out of luck.
Maybe not, if snapshots are available. Unfortunately, that's not always a solution unless you have a lot of unused space on the NAS. If the NAS had insufficient space to store the "new" encrypted files, it'll delete snapshots to make way.
If an OS re-install doesn't get your access back, then you may also be able to access your files via tech support mode.
I am wondering why you believe the attacker changed (or maybe removed) the admin user name.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ransom ware restoration
We have tried to gain access to the stored information after payment but are unable to use any past user ID or passwords. There wasn't any further communication with the thief's after payment. Is there something we are unaware of from other knowledge you may have gained that we should do to get to our info? Of course, this is the first (and hopefully the last time experiencing this ransom situation)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ransom ware restoration
@BBuzz wrote:
We have tried to gain access to the stored information after payment but are unable to use any past user ID or passwords.
Are you saying that when you go to the NAS admin page ( https://nas-ip-address/admin ) you cannot log into that site with the NAS admin credentials?
As I mentioned, you can do an OS-reinstall that will reset the admin password back to password.