cyruspy Posted October 12, 2020 Share Posted October 12, 2020 (edited) Well, I got owned (somehow, I still don't know how). As I neglated to disable the default pendrive share, all the files related to the UNRAID installation are encrypted. Is there any known procedure to figure out disk roles in the disk set (volume configuration) in order to recover?, I recall that autodiscovery reading from the disks was not a feature. Edited October 12, 2020 by cyruspy Quote Link to comment
Stan464 Posted October 14, 2020 Share Posted October 14, 2020 if they are not showing in UnRAID UI there is no easy way to know. Sometimes the "New Config can assign this" but you may need to recover from Backups. Its advised to keep a Backup of your Flash Drive & Contents of your Array. Quote Link to comment
JorgeB Posted October 14, 2020 Share Posted October 14, 2020 You can mount each disk with the UD plugin (use the read-only mode), if there's just one parity there should be only one disk without a filesystem, that would be parity, do a new config and re-assign all disks (data disk order is not important with single parity) and check parity is already valid before array start, if you have dual parity post back since there are a few differences. Quote Link to comment
cyruspy Posted October 18, 2020 Author Share Posted October 18, 2020 Well, found an old backup of the initial setup. Used the initial config with less disks to figure out which drives are for parity, added the additional 4 disks that were included afterwards and market parity as OK. Filesystem mounted, and currently cleaning out encrypted files. 1 Quote Link to comment
Frank1940 Posted October 18, 2020 Share Posted October 18, 2020 Have you figured out how you got hit? In any case, you might want to consider making your server less of a target by taking some precautions. I would suggest you start by reading this thread: I have been using this for the past three years now and while a bit of a hassle, it does work smoothly. (Making shares private and then adding passwords only means that only some of the files will be encrypted because virtually always the malware is being run a client computer!) Basically, all of my shares are secure and without any user being assigned to any of them. That means that accessing a share via SMB, the accessing computer can only read files, not write to them. This scheme works best for write-once read-many type of operation. However, there are links to other protections schemes if this does not suit your mode of operation. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.