0XXX Virus

Please help.

My Cloud all files have been encrypted by Ransomware.

All your files have been encrypted with 0XXX Virus.
Your unique id: -
You can buy decryption for 300$USD in Bitcoins.
To do this:

  1. Send your unique id - and max 3 files for test decryption to iosif.lancmann@mail.ru
  2. After decryption, we will send you the decrypted files and a unique bitcoin wallet for payment.
  3. After payment ransom for Bitcoin, we will send you a decryption program and instructions. If we can decrypt your files, we have no reason to deceive you after payment.

Current Version 5.16.105
No, I don’t have backups =(

dswv42: Sorry but I don’t have IT knowledge only overall.
No ports open on the router.
I never shared my files with the public users and yes it is protected by a password.

The most interesting thing is that only files on mycloud.com infected with a virus.
My MacBook is clean

WD NAS users be on your guard because no one is safe from this attack !

My Ex2 NAS Public files has also been encrypted by 0xxx virus in July 2021.
WD did not assist me in identifying the source of such a serious security problem.
I have bkup of files and I just lost days of work to restore my files.
What is curious is that only files on the Public shared folder has been encrypted and not other folders. So, I deactivated the public sharing.
What is most troubling is the actual security of UltraEx2 NAS. As a security aware developer I don’t understand how the NAS has been infected. The NAS is firewall protected, the passwords are strong, there are no third parties applications, no other computers (Linux and OSX) has been infected on my home network. The virus encryption was made by the NAS processor as the files timestamps and the slow network it is installed on.
YES, this is very annoying not to know how it has been infected and it could be suspected that it was during a NAS firmware update, so WD responsibility.
MOREOVER, I have no idea if the virus has been deleted from the NAS OS and why it did only encrypt the Public folders.

Since then, I have installed the antivirus application and executes it every night but it has not detected any virus and I suppose it does not delete virus in the NAS OS but only in files.

Any advice to protect our NAS is very welcome !

1 Like