Zahuczky

Member
  • Posts

    28
Reputation Activity

  1. Informative
    Zahuczky got a reaction from RedroOrter in New kind of ransomware, that encrypts your files on your NAS remotely (0xxx)   
    Hey guys!

    This is kind of a warning for everyone having a home server/NAS with SMB enabled, and (presumably) having open ports for it to the internet.
    The TL;DR is that the named ransomware, 0xxx, most likely uses some kind of exploit in SMB that lets them encrypt your files remotely, without ever running any code on your machine. So you should probably look out for that.

    The reason I'm posting about it here is that it's really not well documented at the moment, and I could only find a handful of discussions about it online, as sadly I've been hit with it today. (thankfully, no mission critical file was lost, as I've had backups elsewhere of everything)
    The only proper discussion about the virus can be found here, if you're interested: 0XXX (NAS) Ransomware (.0xxx) Support Topic - Ransomware Help & Tech Support (bleepingcomputer.com)
    Strangely enough, attacks have been happening for a year now, but there's really not much discussion about it online I could find. 
     
    The thing that most threw me off regarding this is that someone on that thread reported not having any open ports on their network, so it's strange they got hit with it.
    As I'm not very knowledgeable about networking protocols, I'm not totally sure how it happened, so my main concern right now is how to defend against something like this in the future, and to know exactly what caused it, just out of curiosity.

    Here's some info about my setup: (yes, you might say I was really asking for it)
    The attack happened at 6 AM, assuming from the modification date of the files encrypted. I didn't have any other computers turned on at that moment.
    The main purpose of my NAS is sharing media files over the network, like watching movies on my Xbox, or accessing them from a different computer.
    But I also had Transmission running on it, because I use it as my main torrenting device for media files.
    I had the ports 20-21 (FTP), 443 (HTTPS) and 51413 (Transmission) open to the internet, mainly for remote access purposes.
    Funnily enough, I also had DMZ enabled for the NAS, so it could entirely exist outside of my router's firewall. (for ease of access purposes)
    If I remember correctly (the NAS is turned off at the moment, and I'm not planning to turn it back on until I have the time next week to sort everything out), SMB, FTP and Windows File Sharing were enabled on the NAS.
    Once again, for ease of access purposes, I didn't even have any passwords set up for the shares, so they were wide open.
     
    As of writing this, because of the nature of the virus, I haven't found any traces of the virus on any other local machine, and right now I'm comfortable using them. But just in case, how concerned should I be about also wiping all my Windows machines? To my knowledge, my NAS didn't have access to files on my computer, thankfully.
     
    So, when I get to sorting this out, what should I look out for, and what should I do differently?
    General discussion about the plausible workings of the virus is welcome as well. 
     
     
  2. Like
    Zahuczky got a reaction from 514_AppleGuy in Upgrading an HP Pro 3500 Series MT prebuilt (CPU and GPU upgrade)   
    Hey Guys!

    I got my hands on (for free) an HP Pro 3500 Series MT prebuilt PC, without a GPU, and with a Pentium CPU. (Link for specs: HP Pro 3500 Microtower PC Product Specifications | HP® Customer Support)
    I would like to upgrade it to a decent little gaming machine. I'm planning on replacing the CPU with an i5-3470, and adding an RX560 4GB (one which doesn't need a 6-pin PSU cable).
    As it is, it has a 300W PSU, and according to this page https://outervision.com/b/6kJMYe 300W should be enough for everything. I'm just a bit concerned whether it's REALLY enough for everything. I would like to hear your opinion and recommendations about it.
    Also, is there anything else with these kinds of prebuilts to account for before starting to upgrade?
  3. Like
    Zahuczky got a reaction from AbydosOne in FreePascal problem with reading from FILE to ARRAY   
    I figured it out. for i:=1 to n do val(sdatum, datum); {sdatum is the string form of it and datum is another array but of integer}
    Thank you for your help!
     