Siwat2545

Connection only required during startup and array start operation so if the connection is down try 3g to start the array then connect the LAN cable to enable local access

I have disabled it temporarily for security Until I made sure all the client are clean I won't enable it and I will start an OpenVPN in an virtual network open an Samba Service on ubuntu put some bait file and see who encrypt it also OpenVPN are only available for Level 4 employees which only 16 peoples have it. The other end of the vpn Is a vpn router at my home so I can Access the network (only turn on when needed) and the other 16 node I will ask them Sent from my iPhone using Tapatalk

I have X10DAC and It work just fine Sent from my iPhone using Tapatalk

First yes I have A few ubuntu VM but no windows Vm Second I have check around 50 % of the pc connect to the server it seem clean Third yes we recently upgraded mysql docker forth it is exposed through OpenVPN Sent from my iPhone using Tapatalk

Well I feel dumb I have the data backup 3 month ago safely store at google cloud big data container but I did not backup the flash boot drive though I am contacting unraid right now I am going to mark this as solved when the server accept the key Thank you all for your help ,Siwat Sirichai Sent from my iPhone using Tapatalk

My worry is a replacement key can only be issue once a years and I still can't identify which of the machine that has the ransomware on it. Therefor if the USB drive got encrypted again I won't be able to use unraid for a years unless I got a new keys Sent from my iPhone using Tapatalk

I need to reconsider about security now ... Sent from my iPhone using Tapatalk

Oh the. How can I get my license key back ? Sent from my iPhone using Tapatalk

Sent from my iPhone using Tapatalk

It is totally running in runraid Sent from my iPhone using Tapatalk

Help update it just got in to unraid boot drive Sent from my iPhone using Tapatalk

Update Forgot the VMs cause vm have a high speed transfer rate to the unraid server Sent from my iPhone using Tapatalk

Because all my .vhdx and .sql .msdb and other related server environment file are the only one that got encrypt and I don't think with my 10 gigabit connection limiting to 5gbps per user by pfsense will get all the file encrypt in just 10 hours Sent from my iPhone using Tapatalk

Yup Just installed it after the damaged happen .... getting diagnosis also I think it is targeting unix not unraid Sent from my iPhone using Tapatalk

Ok Sent from my iPhone using Tapatalk

Mine is shared at /mnt/user/system and it is not shared Sent from my iPhone using Tapatalk

Hi I have a huge problem a ransomware got in to my unraid server. The server hold the company's databases so It can't be deleted Note - The Last edited by tag is "nobody/UNIXUSER (Same as created by tag) - The docker.img file which I DID NOT SHARE IT TO SMB OR SAMBA got encrypt The ransomware here is the ransom text *** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED *** To decrypt your files you need to buy the special software – «Nemesis decryptor» You can find out the details / buy decryptor + key / ask questions by email: [email protected] Your personal ID: 979896082 So my conclusion is the ransomware must be running in unraid either it was (it isn't running now I use ps -ef and I did not find any wired processes If anyone know how to decrypt this please help Thank You

In bios according to your gpu pcie change form Legacy mode to EFI mode

I know the cause the gpu I got doesn't have reset so please look before buy Thank

Does anyone have any fix ?

Am I too late ?

Can I pass through 2 USB controler to 2VMs? Where can I put an second Pci stub

Ok if it work please mark this as Solve

But if you don't know what I am talking about then try this xml it might help <domain type='kvm'> <name>MediaVM</name> <uuid>2a9c8b93-34cd-f444-960c-5f6e799726b5</uuid> <metadata> <vmtemplate xmlns="unraid" name="Windows 10" icon="windows.png" os="windows10"/> </metadata> <memory unit='KiB'>6291456</memory> <currentMemory unit='KiB'>6291456</currentMemory> <memoryBacking> <nosharepages/> </memoryBacking> <vcpu placement='static'>12</vcpu> <cputune> <vcpupin vcpu='0' cpuset='0'/> <vcpupin vcpu='1' cpuset='1'/> <vcpupin vcpu='2' cpuset='2'/> <vcpupin vcpu='3' cpuset='3'/> <vcpupin vcpu='4' cpuset='4'/> <vcpupin vcpu='5' cpuset='5'/> <vcpupin vcpu='6' cpuset='6'/> <vcpupin vcpu='7' cpuset='7'/> <vcpupin vcpu='8' cpuset='8'/> <vcpupin vcpu='9' cpuset='9'/> <vcpupin vcpu='10' cpuset='10'/> <vcpupin vcpu='11' cpuset='11'/> </cputune> <os> <type arch='x86_64' machine='pc-i440fx-2.3'>hvm</type> </os> <features> <acpi/> <apic/> <hyperv> <relaxed state='on'/> <vapic state='on'/> <spinlocks state='on' retries='8191'/> <vendor id='none'/> </hyperv> </features> <cpu mode='host-passthrough'> <topology sockets='4' cores='3' threads='1'/> </cpu> <clock offset='localtime'> <timer name='hypervclock' present='yes'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/local/sbin/qemu</emulator> <disk type='file' device='disk'> <driver name='qemu' type='raw' cache='writeback'/> <source file='/mnt/cache/vdisks/MediaVM/vdisk1.img'/> <target dev='hdc' bus='virtio'/> <boot order='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/cache/vdisks/Windows.iso'/> <target dev='hda' bus='ide'/> <readonly/> <boot order='2'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/cache/vdisks/virtio-win-0.1.110.iso'/> <target dev='hdb' bus='ide'/> <readonly/> <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> <controller type='usb' index='0' model='ich9-ehci1'> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/> </controller> <controller type='usb' index='0' model='ich9-uhci1'> <master startport='0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/> </controller> <controller type='usb' index='0' model='ich9-uhci2'> <master startport='2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/> </controller> <controller type='usb' index='0' model='ich9-uhci3'> <master startport='4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/> </controller> <controller type='pci' index='0' model='pci-root'/> <controller type='ide' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> </controller> <controller type='virtio-serial' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> </controller> <interface type='bridge'> <mac address='52:54:00:69:93:2f'/> <source bridge='br0'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <serial type='pty'> <target port='0'/> </serial> <console type='pty'> <target type='serial' port='0'/> </console> <channel type='unix'> <source mode='connect'/> <target type='virtio' name='org.qemu.guest_agent.0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> <input type='tablet' bus='usb'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <graphics type='vnc' port='-1' autoport='yes' websocket='-1' listen='0.0.0.0' keymap='en-us'> <listen type='address' address='0.0.0.0'/> </graphics> <video> <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </video> <memballoon model='virtio'> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> </memballoon> </devices> </domain>

Logical "Core" or Logical "CPU" CPU mean 1 cpu chip core mean the processing unit inside it