Any solution to fixing recent ransomware (checkmate) attack?

First off, does anyone know of a decryptor, brute force or whatnot, that could work to decrypt Checkmate ransomware files? I have been unsuccessful in finding a solution so far...

Or possibly anyone who has dealt with this specific thing, if they can point me down the right path to a solution? Maybe a security group has a decryptor but it's not free? I would be willing to pay as long as it's not too pricey...

Unfortunately my Unraid is pretty stock as far as my SMB shares go... I did not set up any backup, I did not have any 'snapshots' plugin installed or configured... I was told that the nature of the attack is that it will encrypt files and then delete the original, but I don't know how to go about this... I never installed the 'recycle bin' plugin either...

I feel super stupid, I was installing a docker and had opened the wrong port range on my firewall, I imagine I was scanned and my SMB port that was open was exploited. I have been all over Reddit and in forums on here but I have not found a solution. Any help would be much appreciated!

Typically, modern encryption is next to impossible to break unless the keys are compromised. If that was not the case, I would be hesitant to keep my money in banks which allow moving money online. I think your attempt to break encryption is wishful thinking unless this particular attack itself has a vulnerability. Maybe other security-related forums will give you a better answer; this isn't an Unraid question and people here may not be experts on what you are asking anyway.

  • Author

I guess unless someone in this community has good feedback directly to such an attack I'm out of luck....

On another note that is probably more aimed towards the gurus or knowledge base of this community, if anyone knows of a possible way to recover deleted files off an Unraid data pool that may be my way out... if it's true that the original file gets deleted upon encryption.. I would love to just recover data and delete all these files if that'd work.

  • Community Expert

I don't know of any way to get back the encrypted data unless the bad guys have reused an encrypting key that has been sent to someone (probably after paying for it) who then posted it online. (Google will be your friend to do this search!)

I put together a scheme which can be used to protect against direct attack by ransomware a few years back. Depending on your Unraid use, it can be a usable option to protect against future attacks. (I use it to protect my data backups and Media files. In my case, these files are largely the write-once/read-many type. I am currently using Dynamix File Manager to do any required file maintenance on the protected shares. It will probably not work if you are reading and re-writing files on an Unraid server Share on a regular basis. However, you could schedule a backup of that Share to another protected Share...)

https://forums.unraid.net/topic/58374-secure-writing-strategy-for-unraid-server-using-write-once-read-many-mode

You really need a data backup scheme where there is a complete disconnect between the backup for mission-critical data and the users' Internet-connected computers except when the backup process is being performed. If the exposure potential is high (or the total costs associated with the data loss are high), then you need to really think things through very carefully to minimize the risks and potential financial losses.

By the way, your Unraid server is not a backup if the only copy of the data is on that server. There are a lot of things -- fire, floods, theft -- that can result in the total loss of a server! There should be a second copy of it on separate media -- preferably offsite. (Mine are on one of several external USB hard drives stored in a Safety Deposit box, and an updated drive with a current backup is exchanged for one of those drives on a regular schedule.)
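
The opening post attributes the attack to a firewall port range opened by mistake that left the SMB port reachable. As an added example (not part of the thread), this script checks a list of port-forward rules for ranges that cover SMB or NetBIOS ports; the rule format, addresses and sample rules are constructed for illustration and are not any router's real export format.

```python
# Added example; the "PROTO PORTS -> HOST" rule format is hypothetical.
import re

# File-sharing ports that should not be reachable from the Internet.
SENSITIVE = {("tcp", 445): "SMB", ("tcp", 139): "NetBIOS session",
             ("udp", 137): "NetBIOS name", ("udp", 138): "NetBIOS datagram"}
RULE_RE = re.compile(r"^(tcp|udp|both)\s+([\d,\-\s]+?)\s*->\s*(\S+)$", re.I)

def parse_ports(spec):
    """Turn '8443, 400-500' into inclusive (low, high) tuples."""
    ranges = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((low, high))
    return ranges

def audit(rules_text):
    """Return (line_no, rule, exposed_services) for each risky rule."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: unrecognised rule {line!r}")
        proto = m.group(1).lower()
        protos = ("tcp", "udp") if proto == "both" else (proto,)
        ranges = parse_ports(m.group(2))
        hits = sorted(f"{name} ({p}/{port})"
                      for (p, port), name in SENSITIVE.items()
                      if p in protos and any(lo <= port <= hi for lo, hi in ranges))
        if hits:
            findings.append((n, line, hits))
    return findings

# Constructed sample: rule 2 is a range typed too wide, as in the opening post.
SAMPLE = """\
tcp 32400 -> 192.168.1.10          # single application port
tcp 400-500 -> 192.168.1.10        # range typed too wide
both 100-200, 8443 -> 192.168.1.10
"""

if __name__ == "__main__":
    for n, rule, hits in audit(SAMPLE):
        print(f"line {n}: {rule}\n  exposes: {', '.join(hits)}")
```

Any rule it reports should be narrowed to the exact ports the application needs before the forward is left enabled.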
