Quick Security-LegendaryDisk Security-DiskStation Security Ransomware

I`ve been hacked, the text of the rescue note is this: 

"Hello
This is DiskStation Security......

Anyone knows what ransomware is?

 

 
Yes and I have merged your topic into the primary support topic for victims of this ransomware.

Unfortunately, my Synology NAS has also been affected by DiskStation Security ransomware.

At some point, the entire database was deleted, leaving only the !!!!README!!!!.txt ransom note.

Apart from paying them in Bitcoin, does anyone have any methods to resolve this?

For instance, is it possible to recover the deleted data from the hard drive?

Edited by tharphym, 22 February 2024 - 10:44 AM.

When dealing with ransomware, in some cases the use of file recovery software  or JpegMedic ARWE may be helpful to recover (not decrypt) some of your original files but there is no guarantee that it will be successful. However, it never hurts to try in case the malware did not do what it was supposed to do. It is not uncommon for ransomware infections to sometimes fail to encrypt all data, fail to leave ransom notes, fail to delete all shadow copy snapshots, fail to add an extension, add an extension but fail to encrypt files, especially if the encryption process encountered encryption glitches, involved shoddy malware programming code, was hindered by installed security software or was interrupted by the victim...i.e. shutting down the computer).

 
In other cases the ransomware may only partially encrypt a file (first so many KB's at the beginning and/or end especially if it is very large). Since only parts of the file may actually be encrypted, data recovery software sometimes work to recovery partial files with certain ransomware infections but not work with those which overwrite data. However, partial (intermittent) encryption often results in file corruption and renders the encrypted data useless since the encryption is usually irreversible for these files...the encryption code overwrites part of the file with the encrypted data of another part and there is no way to restore the overwritten data.
 
With some other types of ransomware, it is even possible to manually recover/reconstruct (file repair) certain file formats (i.e. .JPG and audio/video files) since the malware only encrypts 150KB of the file as explained here by Demonslay335. 
 
Although it never hurts to try this approach, in the end most victims may have no choice but to backup/save encrypted data as is and wait for a possible solution at a later time.

Thank you for the response. It seems I can only hope that  file recovery software can salvage some of the data.

When dealing with ransomware, in some cases the use of file recovery software  or JpegMedic ARWE may be helpful to recover (not decrypt) some of your original files but there is no guarantee that it will be successful. However, it never hurts to try in case the malware did not do what it was supposed to do. It is not uncommon for ransomware infections to sometimes fail to encrypt all data, fail to leave ransom notes, fail to delete all shadow copy snapshots, fail to add an extension, add an extension but fail to encrypt files, especially if the encryption process encountered encryption glitches, involved shoddy malware programming code, was hindered by installed security software or was interrupted by the victim...i.e. shutting down the computer).
 
In other cases the ransomware may only partially encrypt a file (first so many KB's at the beginning and/or end especially if it is very large). Since only parts of the file may actually be encrypted, data recovery software sometimes work to recovery partial files with certain ransomware infections but not work with those which overwrite data. However, partial (intermittent) encryption often results in file corruption and renders the encrypted data useless since the encryption is usually irreversible for these files...the encryption code overwrites part of the file with the encrypted data of another part and there is no way to restore the overwritten data.
 
With some other types of ransomware, it is even possible to manually recover/reconstruct (file repair) certain file formats (i.e. .JPG and audio/video files) since the malware only encrypts 150KB of the file as explained here by Demonslay335. 
 
Although it never hurts to try this approach, in the end most victims may have no choice but to backup/save encrypted data as is and wait for a possible solution at a later time.

You're welcome and good luck.