ransomware attack, can't figure out origin

I'm a pretty uneducated Unraid user and tonight I've gotten hacked and I'm stuck wondering at what level they had access to my server. If anyone could help me figure out what happened and how I can prevent this + if I need to wipe my system.

Posting diagnostics

 

yoosh-diagnostics-20241130-0337.zip

Edited by hauntology

  • Community Expert

Typically, it is another device that infects the server via SMB, assuming the server is not directly exposed to the internet.

  • Author

@JorgeB

I did have my media share mapped and open in share settings. Since the attack I've set it to secure and, yes, hidden.

I also discovered I’ve had dynamic Unraid Connect on UPnP for remote access and I shut that off too, slowly reinstalling a few files to leave on there for a few days before I start getting it all back.

thank you for your advice

  • Community Expert

If you have write permission turned on to the share(s), you are still at risk. Most of the time, the malware will be installed on one of the client computers. As soon as you connect to the server, it has all the info it needs to do its work. (By the way, Windows SMB clients stay logged into the server until one of the two is physically powered down!)

 

You need to do a lot of googling with the information that you have (or can discover through investigation) about actual malware software you have, to find out how to clean the malware from your entire system.
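Added example, not part of the thread and not Unraid's own tooling: a small audit of Samba share definitions that reports which shares a connected client could modify, the exposure the reply above describes. The sample configuration, share names and user names are constructed; it uses standard smb.conf parameters (`guest ok`/`public`, `read only`/`writeable`, `write list`) and assumes no `include` files.

```python
import configparser

# Constructed sample in smb.conf syntax (not from the poster's diagnostics).
SAMPLE = """
[global]
workgroup = HOME

[media]
path = /mnt/user/media
guest ok = yes
read only = no

[backups]
path = /mnt/user/backups
public = yes
writeable = no
write list = alice, bob

[archive]
path = /mnt/user/archive
valid users = alice
"""

YES = {"yes", "true", "1"}

def audit_shares(text):
    """Return {share: (exposure, write_list)} for every non-global section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    report = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        # Samba ignores case and spaces in parameter names.
        p = {k.replace(" ", "").lower(): v.strip().lower() for k, v in cp[share].items()}
        guest = (p.get("guestok") or p.get("public", "no")) in YES
        if "readonly" in p:
            writable = p["readonly"] not in YES
        else:  # inverted synonyms; Samba's default is read only = yes
            writable = any(p.get(k) in YES for k in ("writeable", "writable", "writeok"))
        write_list = p.get("writelist", "").replace(",", " ").split()
        if guest and writable:
            level = "guest-writable"   # no credentials needed to modify files
        elif writable or write_list:
            level = "user-writable"    # any client logged in as a writer can modify files
        else:
            level = "read-only"
        report[share] = (level, write_list)
    return report

if __name__ == "__main__":
    for share, (level, writers) in audit_shares(SAMPLE).items():
        print(f"{share:10} {level:15} {', '.join(writers)}")
```

A share reported as user-writable is still modifiable by malware running on any client that is logged in as one of the listed writers.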

  • Community Expert
9 hours ago, hauntology said:

@JorgeB

I did have my media share mapped and open in share settings. Since the attack I've set it to secure and, yes, hidden.

I also discovered I’ve had dynamic Unraid Connect on UPnP for remote access and I shut that off too, slowly reinstalling a few files to leave on there for a few days before I start getting it all back.

thank you for your advice

Neither of those should necessarily have let ransomware in, so you definitely need to look at any client devices.

 
