So it was almost inevitable that I'd get hit eventually. Seems my QNAP NAS has been hit with what looks like an 'eCh0raix' variant or something along those lines. Lots of files encrypted with a .locker16 extension. Google hasn't turned up anything that has provided anything useful, but it shouldn't matter too much anyway. The good news is that all the important stuff was last backed up on Sunday, including all the photos. The backup has been tested and it's all there and working nicely for when I'm ready to reload it all to the NAS. For now it's sitting quietly waiting.

But what is odd is that it seems that only some files were encrypted during the evening of the 17th, then nothing more. It seems I've lost a couple of Windows VMs, but none of the CentOS ones (all sitting in the same folder, even though they are all the same format). An old iTunes backup seems to have all its album art encrypted, as were some random photos buried in a backup of a photo book. But then the folders labelled "photos and videos" are untouched. The entire media library also appears to be fine.

Despite me turning off all port forwarding, there appears to be something dodgy on the NAS, as it's opening up some ports via UPnP then getting hammered with login attempts (which are all failing since I've disabled all accounts and reset the passwords for good measure). I've now firewalled off that device so it can't access the internet anymore. I've also disabled all services while I attempt to suck some of that media off the drives. It's almost like the encryption was done file by file and only while the remote link was up. No idea why all the issues appear to be at 8:30pm on the 17th then nothing either, since I didn't discover it for about 24 hours.

I'm in the midst of pulling off the media library since it's not backed up. Most of it could be re-ripped from disc or re-acquired, I'm sure, but when it's all just sitting there I sort of want to save it if I can, the downside being that I had to run out and purchase another 8TB drive, which I didn't really want to spend money on. I'd really like to be able to just clean up the infection, but then I don't know if I would trust that machine anymore until I nuke it from orbit then start again from scratch.

On a side note, copying multiple TB of data takes so, so long, but while it will take a couple of days to restore everything, I should have zero loss of anything important and very minimal loss of anything else (although that last bit is pure luck).

On a positive note, this will give me the opportunity to restructure the way things are stored on the NAS, something which has been 5 years in the making. The plan is to have two arrays instead of one (maybe one separate and single disk) so that I can put the IP cams and live services on that one drive and hopefully let the rest of the drives spin down when they are not actively being used.