Computers. Internet, hacking and ransomware.

The problem, I suppose, is us users want to be able to access our files, our bank and virtually everything via devices anywhere in the world, yet even the most computer literate of us are lax in our real understanding. The beauty of the NAS for me was I could work seamlessly at two locations, so I sort of forgot that this means the computers constantly talk to each other, and copy the new file at location A, computer one, to computer two at location B. The security of this system depends on me checking and making sure it's secure. I plugged it in - it worked, and that's where I stopped. Ransomware, it seems, is not really a virus. It does what we all do regularly. Your computer takes your file, and you zip it to make it smaller, or contain loads of files. Zipping usually asks if you want to encrypt the data, and you might think up a password and give it no thought. Ransomware does this - a perfectly normal unsuspicious activity, but all it takes is one .exe file that instead of doing what you thought, starts the process of taking a file, encrypting it then saving it. AVG did not spot anything unusual going on. I'm using a different protection app now, which claims it will prevent this sort of thing ..... until the scammers get better. If we want access, we must accept potential criminals. Worse still, Macs are not immune to this kind of thing, which I always assumed they were; it was the poor Windows folk who were always victims. Data is not the same thing at all.

I'm thinking now that I just use the NAS for storage that I can access from both sites and stop using it to sync files. I'll do backups at each site and put these on the NAS. Much less convenient, but much safer. Needs me to do more things manually, but I think this is safer.

I wonder how many essential services are vulnerable? The UK health service was. It does seem you don't really need missiles when somebody can push a button abroad and shut down phones, the internet, communications, power generation, water supplies? Maybe that's paranoia, but my views on it have definitely shifted.
I would love it if one of those YouTube scam killer channels would find your scammer and broadcast his downfall for all to see. I love when they show the scammer a picture of themselves... or show them their address. F those guys.
Yesterday was a nightmare. I thought I had a handle on security, but not! I work in two locations and have a NAS drive so I can work in the home studio, drive to the office, work on a project, and go home and continue. I loaded up a video, not audio project in the office, that needed some sound work. No video files?

It was always someone else, now it’s me. PS AVG free was on all the computers. I now have something better. Too late for me, maybe not for you.
How did he hack your system? The only way I know to hack a system is by giving the credentials out - either on purpose or by accident.
So far, I have tied it down to two possibilities: a website with malicious code - the new protection software (Total AV) detected a PHP file and quarantined it, or a direct attack on the NAS drive. This was set up so a number of folders on a specific drive in the video studio automatically sync with the NAS, which then syncs with the video editing computer in the studio here. Another computer in the studio syncs its Cubase and audio files with the NAS - which syncs with the iMac in the video studio that also runs Cubase - this is uninfected as it's not been on this week.

The NAS needs to allow traffic in and out via the internet - so I suppose it is possible somebody managed to get in to the NAS but the local expert says that's actually unlikely unless they were able to make it run some dodgy code. AVG did not stop the process because it's not a virus as such - compressing a file or folders with WinZip and using an encryption key is the same process, so it's not flagged as a virus. Best guess? I downloaded something and ran it. I don't remember doing anything, but like today here - I downloaded some folders from a Dropbox link. They were just folders, but clicking on an .exe file to update a driver or install the latest update for something could have started the process. The ransomware just looks on the drive for specific file types and one by one, encrypts them - adding in this case 0xxx to each file as it's scrambled. The new software claims it can find and prevent ransomware.

The beauty of a NAS is that you just save the file on your computer to a shared folder - it then saves a copy locally, and updates the NAS drive with a copy. At the other end, the NAS drive then updates the remote computer. If a file on the hard drive is scrambled, it spreads to the NAS and then to the other computer - 50 odd thousand files.

If I simply use the NAS as a private version of Dropbox, it is much more secure - I have to save to the local drive normally, then manually stuff the local to the NAS, then the other end, get the file off the NAS onto the other computer which is not transparent. Ideally I suppose the simplest thing would be to get it working exactly as before, and just do a regular backup of all local files - in my case, I'd probably have to have two backup drives - one for video and office type stuff and a separate one for Cubase. If the same thing happened, I'd just delete the compressed files (as I have had to this time without them all being backed up) and replace them with the last backup.

I'm not going to stop using the internet and being over protective. I got stung, badly. I'm thinking that maybe just a 4Tb external drive at both locations, or maybe even just one that I take with me will do the trick? Perhaps an 8Tb drive in a proper external drive case would work? Maybe keep it in a peli case. Every Monday I could copy the contents of PC1 to it, take it to the office and dump PC2 to it. I made the mistake of thinking the 16Tb NAS would be safe, automatic and simple. It worked perfectly to be fair, and maybe the new software will allow it to be safe again?

I'm not computer savvy enough to really judge?
Sorry to hear about your troubles.

One suggestion that I would make is to do a halfway house between fully automatic and manual. For many years I've been using a piece of software called Syncback Free. This is a very versatile program that allows you to synchronise disks. It will run automatically at a scheduled time but I prefer to start it going manually so that I can keep an eye on what it is doing. It will display the changes that it is going to make before it actually makes the changes so that you can catch any mistakes or any strange behaviour. It can work over the internet as well as on local drives (provided the remote server can do FTP).

I used to run Syncback automatically but at one point (due to my error in setting things up) ended up with the wrong files backed up. Nowadays I run Syncback once or twice per day and check which files it is going to back up before clicking Run. I also use it to back up files to large USB sticks as an added precaution.
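An added example, not part of any post in this thread and not how Syncback itself works: a small preview step that compares a folder against its last known snapshot and holds the sync when the change set looks like the mass scramble-and-rename described earlier. The function names, the 30% threshold, the file names and the `.0xxx` sample suffix are assumptions made for this sketch.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def preview(previous, current):
    """List what a sync would push: added, removed and modified paths."""
    both = previous.keys() & current.keys()
    return {"added": sorted(current.keys() - previous.keys()),
            "removed": sorted(previous.keys() - current.keys()),
            "modified": sorted(p for p in both if previous[p] != current[p])}

def hold_reason(previous, changes, max_fraction=0.3):
    """Return why the sync should wait for a human, or None if it looks routine."""
    if not previous:
        return None  # first run: nothing to compare against
    # Files that vanished and came back as "<old name><same new suffix>".
    suffixes = Counter(a[len(r):] for r in changes["removed"]
                       for a in changes["added"] if a.startswith(r) and a != r)
    if suffixes:
        suffix, count = suffixes.most_common(1)[0]
        if count / len(previous) > max_fraction:
            return f"{count} files renamed with suffix {suffix!r}"
    touched = len(changes["removed"]) + len(changes["modified"])
    if touched / len(previous) > max_fraction:
        return f"{touched} of {len(previous)} known files changed or vanished"
    return None

def demo():
    """Constructed data: ten small files, one routine edit, then a mass rename."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(10):
            (root / f"take{i}.wav").write_bytes(b"audio %d" % i)
        baseline = snapshot(root)
        (root / "take0.wav").write_bytes(b"audio 0, edited")
        routine = hold_reason(baseline, preview(baseline, snapshot(root)))
        for f in list(root.iterdir()):  # harmless stand-in for scrambled files
            f.write_bytes(b"unreadable")
            f.rename(f.with_name(f.name + ".0xxx"))
        mass = hold_reason(baseline, preview(baseline, snapshot(root)))
        return routine, mass

if __name__ == "__main__":
    print(demo())
```

The baseline snapshot has to be stored somewhere the synced machines cannot overwrite, otherwise a scrambled folder simply becomes the new baseline.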
Rob, are you using a VPN setup with your NAS? That should effectively lock it out from the world, but still give you complete control. Then all you need to worry about is the malicious code/phishing schemes which hopefully the AV software should cover.
Not to my knowledge - and how would you do it without anyone noticing?
I know how to hack into any Mac computer without knowing any password or user names. As for no-one noticing, well that's harder. But hack into a website or cloud system and I doubt anyone will have noticed. It's just much much harder.
I'm starting to rebuild bits and pieces as I find them. It's just a pain. I'm not angry anymore, but while I do have a VPN on two of the computers, the NAS itself I suppose is a risk. I'm more certain now that it is something I downloaded. While this MacBook seems unharmed, the new protection (Total AV) did find some weird stuff - the usual trojan type virus, but also executables hiding inside other files that seem innocuous. It found them and quarantined them. I suppose realistically, then I just need a proper backup routine and accept that if it happened once, it could happen again. I'm just not savvy enough to really sort this in any way other than deleting and reinstalling.

I do have one of the smaller hard drives that were in the NAS up to a couple of months back. One of a pair - RAID 1 I think - maybe if I can mount this drive - an internet search suggests I'd need to use Ubuntu - which I'm clueless on - to be able to read the drive, but it would give me lots of the old images and documents. Maybe.
I discovered a feature where somebody trying to access my system could be blocked when they exceed certain numbers of attempts, so I enabled it - and immediately got blocks being recorded.

I discovered that these IP addresses come from all over!
All that is on my website is content and code that is necessary to display the web pages.
I am amazed at how much unnecessary code gets downloaded when you access some websites, including compilable C source code.

Servers are prime targets for hacking, because they are always there.
The hackers may have got in years before you notice anything wrong.
They can copy all of your data by their code transmitting it as a trickle over a long period.
Total AV. I picked it because it got good reviews and AVG clearly wasn't detecting this sort of stuff. To me with only a modest understanding of computer issues of this sort, it IS scary, knowing other computers are 24/7 searching the net like this. I’ve also been told Macs were immune, but they’re not either! Just less attractive in quantity. The people I buy from in China who I have got friendly with all use VPNs now to circumvent their internet restrictions. Factories using WhatsApp now!
Wanted to thank Rob for the topic as it had me revisiting things on my end, to discover my weekly backup had stopped almost a month ago without any notification of an issue (but also have not been getting success notifications either, which just slipped my mind to notice). That wasn't tough to get working again.

This recent backup issue along with how widespread these malware issues are becoming had me sign up for a $10 /month backup solution we use for some of our smaller business clients to get their files in the cloud. I definitely recommend CrashPlan as a solid product and the price is super competitive for what it offers. They also offer for more money a full backup solution that can recover operating system installs as well as the unique personal files. I'm fine with what I have for operating system recovery, just wanted the projects, music, and pics to be somewhere other than my music room or safe. It's going to take a while to upload a couple terabytes.
I switched to a Linux operating system. Haven't had a blue screen, crash or hack in over ten years now.