randypfau Posted April 2, 2023

First off, does anyone know of a decryptor, brute force or whatnot, that could work to decrypt Checkmate ransomware files? I have been unsuccessful in finding a solution so far... or possibly anyone who has dealt with this specific thing, if they can aim me in the right path for a solution? Maybe a security group has a decryptor but it's not free? I would be willing to pay as long as it's not too pricey...

Unfortunately my Unraid is pretty stock as far as my SMB shares go... I did not set up any backup, I did not have any 'snapshots' plugin installed or configured... I was told that the nature of the attack is that it will encrypt files and then delete the original, but I don't know how to go about this... I never installed the 'recycle bin' plugin either...

I feel super stupid, I was installing a docker and had opened the wrong port range on my firewall, I imagine I was scanned and my SMB port that was open was exploited. I have been all over Reddit and in forums on here but I have not found a solution. Any help would be much appreciated!

apandey Posted April 2, 2023

Typically, modern encryption is next to impossible to break unless the keys are compromised. If that was not the case, I would be hesitant to keep my money in banks which allow moving money online. I think your attempt to break encryption is wishful thinking unless this particular attack itself has a vulnerability.

Maybe other security-related forums will give you a better answer; this isn't an Unraid question, and people here may not be experts on what you are asking anyway.

randypfau (Author) Posted April 2, 2023

I guess unless someone in this community has good feedback directly to such an attack I'm out of luck....

On another note that's probably more aimed towards the gurus or knowledge base of this community, if anyone knows of a possible way to recover deleted files off an Unraid data pool, that may be my way out... if it's true that the original file gets deleted upon encryption.. I would love to just recover data and delete all these files if that'd work.

Frank1940 Posted April 2, 2023

I don't know of any way to get back the encrypted data unless the bad guys have reused an encrypting key that has been sent to someone (probably after paying for it) who then posted it online. (Google will be your friend to do this search!)

I put together a scheme which can be used to protect against direct attack by ransomware a few years back. Depending on your Unraid use, it can be a usable option to protect against future attacks. (I use it to protect my data backups and Media files. In my case, these files are largely the write-once/read-many type. I am currently using Dynamix File Manager to do any required file maintenance on the protected shares. It will probably not work if you are reading and re-writing files on an Unraid server Share on a regular basis. However, you could schedule a backup of that Share to another protected Share...)

https://forums.unraid.net/topic/58374-secure-writing-strategy-for-unraid-server-using-write-once-read-many-mode

You really need a data backup scheme where there is a complete disconnect between the backup for mission-critical data and the user Internet-connected computers except when the backup process is being performed. If the exposure potential is high (or the total costs associated with the data loss are high), then you need to really think things through very carefully to minimize the risks and potential financial losses.

By the way, your Unraid server is not a backup if the only copy of the data is on that server. There are a lot of things -- fire, floods, theft -- that can result in the total loss of a server! There should be a second copy of it on separate media, preferably offsite. (Mine are on one of several external USB hard drives stored in a Safety Deposit box, and an updated drive with a current backup is exchanged for one of those drives on a regular schedule.)