Hi,
I've installed 2.06 version on 12 May, see my post in this discussion, when noticed on this forum, so I was confident to be protected against this ransomeware, and I never made a factory reset. In August I formatted volumes because some "disk full" and "power loss" events damaged the file system structure.
My DNS was exposed on Internet since some year and I've DynDNS service configured. Infection starts yasterday.
I've mounted one of two NAS disks on Windows (using an externa USB docking box and R-Studio utility) and I can see al files on it. In root, there is a directory called NAS_Prog, with two dirs inside: _install and cr1ptt0r. Install is empty, cr1ptt0r contains virus code (a lot of files .sh and some other directories.
Since I've shutdown NAS as I saw the infection, on disk there are still a lot of file not encripted but I cannot access them because R-Studio (in demo mode) don't allow me to save files on windows disk. I cannot also delete files on volume (R-Studio do not ever allow to delete files, nor in the registered version), so I don't known how to remove virus form system.
I there a way to boot NAS without load virus, to access files without buy a R-Studio licence, or you known another free utility to access files directly in Windows? My configuration is two 3TB disks in Raid1 with two volumes (JODB).
Thanks
Carlo Spigoli