All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: QNAP RAID-1 - Qlocker ransomware success recovery
PostPosted: May 18th, 2021, 8:24 
Offline

Joined: December 14th, 2020, 11:51
Posts: 50
Location: France
Hello,

Last week, I got a customer with a QNAP RAID-1 infected by QLocker.

QNAP was considered as fully encrypted and ransomware process was completed. Customer couldn't get any data using normal way. He tried various trick he found on internet related to this subject, no luck.
https://www.qnap.com/static/landing/202 ... sponse/en/

I rebuild the RAID and did a RAW recovery. Result is really good, customer happy.

Thanks
Suricate.ch


Top
 Profile  
 
 Post subject: Re: QNAP RAID-1 - Qlocker ransomware success recovery
PostPosted: May 19th, 2021, 9:50 
Offline
User avatar

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
Nice. Do you have some idea about percentage of files you were able to recover this way?

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service


Top
 Profile  
 
 Post subject: Re: QNAP RAID-1 - Qlocker ransomware success recovery
PostPosted: May 26th, 2021, 8:43 
Offline

Joined: December 14th, 2020, 11:51
Posts: 50
Location: France
today, I got a feedback from customer, we recovered 80% of the pics/video.


Top
 Profile  
 
 Post subject: Re: QNAP RAID-1 - Qlocker ransomware success recovery
PostPosted: May 26th, 2021, 10:23 
Offline
User avatar

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
Oh Nice!

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service


Top
 Profile  
 
 Post subject: Re: QNAP RAID-1 - Qlocker ransomware success recovery
PostPosted: July 26th, 2023, 18:02 
Offline
User avatar

Joined: April 22nd, 2015, 20:32
Posts: 413
Location: Portugal
Spotmen wrote:
Hello,

Last week, I got a customer with a QNAP RAID-1 infected by QLocker.

QNAP was considered as fully encrypted and ransomware process was completed. Customer couldn't get any data using normal way. He tried various trick he found on internet related to this subject, no luck.
https://www.qnap.com/static/landing/202 ... sponse/en/

I rebuild the RAID and did a RAW recovery. Result is really good, customer happy.

Thanks
Suricate.ch


Considered fully encrypted by who?
A) A retard.
B) QNAP tech support (who couldn't care less about ransomware?)

If it was fully encrypted, there was no way rebuilding the raid and doing a raw scan give you the files back.

What happened was that the encryption was cut short and client got really lucky.

_________________
BTC Wallet - 3AoQPTBsz9PbfoanCx44Lw76Y2TwtKa1x5
Instagram https://www.instagram.com/datarecovery_morde.pt/


Top
 Profile  
 
 Post subject: Re: QNAP RAID-1 - Qlocker ransomware success recovery
PostPosted: July 27th, 2023, 11:00 
Offline
User avatar

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
Quote:
What happened was that the encryption was cut short and client got really lucky.


This is a thing I have seen happen. I once helped someone with a recovery (carving JPG's) and success rate was so good it really got me puzzled. After which I found large portion of files was never actually encrypted. In an other case I discovered encryption was only few directories deep. Deeper nested directories were fine. Ransomware encryptors need time and can contain bugs just like any other software.

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group