February 23, 2023

Some of my shares just got infected with .checkmate ransom. I honestly don't know what to do and where to start. Most of my shares are okay so I guess it was another family member's fault (which all their shares are infected).

I got a .zip backup of the flash drive from around January so my question is, could I save some data if I flash the backup? Does that mean the array is going to be rebuilt?

I have already backed up all my files just in case so losing my files on the Unraid server is not a big deal. I have already deleted share access from all my PCs.

Thanks in advance.

February 23, 2023

The flash drive only contains the OS binaries and your Unraid configuration, which gets unpacked on boot and runs completely from RAM after that (except for any config updates etc. that may need to be written back to USB).

The actual data itself sits on the drives. If that is corrupted, the best bet is to identify what corrupted it and remove that first (a fresh USB drive will help if the ransomware was injected via the OS; it won't help if it's running from a computer connected to the share).

As for the data itself, the cleanest way is to restore from a backup once you have fixed the attack itself.

February 23, 2023, Community Expert

8 hours ago, Robert Urrutia said:
> Some of my shares just got infected with .checkmate ransom. I honestly don't know what to do and where to start. Most of my shares are okay so I guess it was another family member's fault (which all their shares are infected).

First thing I would do is to make all of your shares 'read-only' for all users. This is to prevent any additional files from being infected until you are certain your local network is cleared of the malware. (If someone needs read-write type access, copy the file to the local client and do what is required with the copy on the local client.)

Once you have addressed the problem and figured out how the malware was injected into your network, I will point you to a thread where a strategy for protecting shares that are 'write-once, read-many' is presented.

https://forums.unraid.net/topic/58374-secure-writing-strategy-for-unraid-server-using-write-once-read-many-mode#comment-572532

I realize that this method will not be workable for all shares but it can provide protection in many cases with only a minimum of disruption to the workflow. (For example, I know that most media players require 'read-only' access to files during playback.)
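
The replies above recommend working out what was hit and where it came from before restoring. As an added example (not part of the original thread), this read-only shell function counts `.checkmate` files per share and reports the earliest modification time among them, which helps narrow down when encryption started and which client had write access at that time. It assumes shares are the top-level directories under the root you pass in (on Unraid, user shares are normally under `/mnt/user`) and that GNU `find` is available; the function name and the sample tree are constructed for illustration.

```bash
#!/bin/sh
# Added example: read-only triage of which shares contain encrypted files.
# Nothing is modified or deleted under ROOT.

# triage_shares ROOT [EXT]
# One tab-separated line per share:
#   name, encrypted-file count, total file count, earliest encrypted mtime
# The body runs in a subshell so its variables do not leak to the caller.
triage_shares() (
    root=$1
    ext=${2:-checkmate}
    for share in "$root"/*/; do
        [ -d "$share" ] || continue
        name=$(basename "$share")
        # Print one dot per file and count bytes: safe for odd file names.
        total=$(find "$share" -type f -printf '.' | wc -c)
        enc=$(find "$share" -type f -iname "*.${ext}" -printf '.' | wc -c)
        # Earliest mtime among encrypted files: sort on epoch, keep the date.
        first=$(find "$share" -type f -iname "*.${ext}" \
                    -printf '%T@ %TY-%Tm-%Td %TH:%TM\n' \
                | sort -n | head -n 1 | cut -d' ' -f2-)
        printf '%s\t%d\t%d\t%s\n' "$name" "$enc" "$total" "${first:--}"
    done
)

# Constructed sample tree (not real data) so the function can be tried offline.
demo=$(mktemp -d)
mkdir -p "$demo/media" "$demo/family/docs"
touch "$demo/media/film.mkv" "$demo/family/notes.txt"
touch -t 202302222114 "$demo/family/docs/taxes.pdf.checkmate"
touch -t 202302230240 "$demo/family/photo.jpg.checkmate"
triage_shares "$demo"
rm -rf "$demo"
```

On a real server the call would be `triage_shares /mnt/user`; a share with a zero in the second column has no files with that extension.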