
QNAP files got infected muhstik


rev.dennis


My ex is coming after me again for more money so I went to my QNAP drive for my archived records and saw most of the files had this .muhstik at the end of the file.  I tried to open the file and the computer doesn't know what application to open .muhstik type files with.

You can't do anything with these files since they are "encrypted" (so just give up trying to rename them or use malware or antivirus programs. I've tried with no success).

So somehow the ransomware has infected the QNAP (which, mind you, it's typically just QNAPs, not found on other NAS devices, just QNAP, which makes me think the hacker got login information from QNAP's database).

The ransomware goes through and encrypts each file and leaves a README_FOR_DECRYPT.txt file throughout your file system.  If you open the file it will provide you with the key you would provide the hacker after paying hundreds if not thousands of dollars and they would send you the decrypt key.

LUCKILY we have some ethical hackers (to prove not all hackers are bad). This ethical hacker (good guy or girl) hacked the hacker and obtained the unencrypt keys and shared them with everyone. If this helps you in any way, you should send the guy a few dollars for helping you save all your data.

More information can be found here

I can tell ya I copied all the files to another drive and ran the decrypt with the unencrypt key that matched the encrypt key found in the README.

Important note: I had to run the decrypt several times before I got all files fixed. What I did was, before running the decrypt, I counted how many files on the system had .muhstik, then ran the decrypt, and when it bombed I counted the files again, and it was about a million files fewer each time.

Then you copy the files back to your QNAP... but make sure it's protected against ransomware, which these articles may help with:

https://www.qnap.com/en/security-advisory/nas-201907-11
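
The before-and-after count from the important note above can be scripted so each decrypt run is measured the same way. This is an added example, not part of the original post or of the decryptor; the function names and the sample folder tree are constructed for illustration, and only the `.muhstik` extension and the `README_FOR_DECRYPT.txt` name come from the post.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".muhstik"            # extension named in the post
RANSOM_NOTE = "README_FOR_DECRYPT.txt"   # note file named in the post

def survey(root):
    """Count still-encrypted files per directory and collect ransom notes."""
    per_dir, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                per_dir[os.path.relpath(dirpath, root)] += 1
    return {"encrypted": sum(per_dir.values()), "per_dir": per_dir, "notes": notes}

def compare(before, after):
    """Summarise one decryptor run from the surveys taken around it."""
    done = before["encrypted"] - after["encrypted"]
    return {
        "decrypted_this_run": done,
        "remaining": after["encrypted"],
        # No change between runs: inspect the listed folders before retrying.
        "stalled": done == 0 and after["encrypted"] > 0,
        "finished": after["encrypted"] == 0,
        "folders_left": sorted(d for d, n in after["per_dir"].items() if n),
    }

def demo():
    """Constructed sample tree standing in for the copy of the NAS share."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("taxes/2017.pdf.muhstik", "taxes/2018.pdf.muhstik",
                    "photos/a.jpg.muhstik", "taxes/" + RANSOM_NOTE):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        before = survey(root)
        # Simulate a run that handled one folder and then bombed.
        for name in ("2017.pdf", "2018.pdf"):
            os.rename(os.path.join(root, "taxes", name + ".muhstik"),
                      os.path.join(root, "taxes", name))
        after = survey(root)
        return before, after, compare(before, after)

if __name__ == "__main__":
    before, after, result = demo()
    print(before["encrypted"], "->", after["encrypted"], result)
```

Run `survey()` on the copied drive before and after each decrypt pass, and copy the files back to the NAS only once `finished` is true.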
