Osmc / nas infected with virus?

Hi, yesterday I enabled the web access on OSMC. Sometime tonight all my media was infected with a Nyton virus, so I strongly suspect that was the way it went in. I thought I had a really strong password, but it must have found a way anyway. The virus encrypts all media files and you must pay bitcoin to unlock them. Has anyone been a victim of this virus? I guess I have to delete and redownload again… unless there is a free way to unlock them… Do you think this virus is still in the drive somewhere? / on Kodi?

Sorry to hear this

What NAS do you have and what software is it running?

More importantly, there could be another machine on your network that is compromised.

It’s a Synology DS215j with the latest version, but it has a firewall, I think, that blocks unwanted IPs that seem to attack regularly, but maybe they found a way in through Kodi’s web access.
Luckily the picture backup with personal home movies and pictures is unaffected.

Seems this is a Windows virus, but somehow Kodi is affected too. Should I restore Kodi from my backup version?

Do you mean you opened the OSMC/Kodi web interface to the Internet? That should really not be done. Even other ports of OSMC should generally not be open to the internet without implementing additional security options on OSMC.
The Nyton virus, though, doesn’t sound like a virus spreading via a hacked Linux system but more likely via a PC (email) that has access to your NAS that stores the files.

Yes, in order to update the Kodi library from Sonarr you need to enable web access.

Not internet access you don’t.
Have you opened ports on your router?

1 Like

Nah, Synology uses UPnP to open ports, so my guess is that webadmin was open and the user got rolled over…

The user in this case needs to secure his router and start over :)

The router has the firewall enabled. I will install a virus/malware protector on the NAS, start downloads again and see if the files will be left alone. Good plan?

Unfortunately your router firewall won’t do any good if you have ports open to allow remote access to your NAS, etc.

I would start by closing any ports you might have opened. If you haven’t already, you should definitely wipe the OSMC device if it was infected with the malware. I would also strongly recommend checking all your other devices on the network.

Password strength these days is in length, not necessarily complexity. Plus if you use your password elsewhere, it’s probably already available in a data breach. Check your passwords here:

(This uses k-anonymity so that your actual password is never transmitted to the database it is checked against).
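
The k-anonymity lookup mentioned in the post above, as an added example that is not part of the original thread or any service's own code. It assumes a range-query scheme in which the client sends only the first five hex characters of the password's SHA-1 hash and receives `SUFFIX:COUNT` lines back; `make_fake_service` and its data are constructed so the check runs offline.

```python
import hashlib

PREFIX_LEN = 5  # assumption: the service buckets SHA-1 hashes by their first 5 hex chars


def split_hash(password):
    """Hash locally and split into (prefix sent to the service, suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines; malformed lines are skipped, not trusted."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """Return how often the password appears in the breach set (0 = not found)."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)  # the only value that leaves this machine
    return parse_range_response(body).get(suffix, 0)  # match is done locally


def make_fake_service(breached):
    """Constructed stand-in for the remote database; records what it was sent."""
    buckets, seen = {}, []
    for pw, count in breached.items():
        prefix, suffix = split_hash(pw)
        buckets.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch_range(prefix):
        seen.append(prefix)
        return "\r\n".join(buckets.get(prefix, []) + ["not-a-valid-line"])

    return fetch_range, seen


if __name__ == "__main__":
    fetch, seen = make_fake_service({"password": 1000, "letmein": 50})  # constructed data
    for candidate in ("password", "a long passphrase nobody else uses"):
        print(candidate, "->", breach_count(candidate, fetch))
    print("service only saw:", seen)
```

The service learns a five-character bucket shared by many unrelated hashes, never the password or its full hash; the suffix comparison happens on the client.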

When you say wipe, does a simple reinstall work?

Disable UPnP in the router.

2 Likes

Are you using a Raspberry Pi or Vero? I only have experience with a Raspberry Pi; I would format the SD card and do a clean reinstall after that. I would take precautions to ensure the SD card wasn’t automatically mounted, though. If you’re sure the SD card is infected with ransomware, I’d be inclined just to replace it. SD cards are reasonably cheap these days.

I use a Vero. How can I do a clean installation? Just doing a backup and reinstalling might not remove any lingering virus?

I’m sorry, I don’t know regarding the Vero. Others will need to advise on this point.

If you back up an infected device, though, then your backup will also be infected.

https://osmc.tv/wiki/vero-4k/reinstalling-osmc/

3 Likes

Can you explain what the ‘additional security options’ would be buddy?

I’ve put together an Alexa Skill, and I’ll need to open some ports to get it working.

  1. Key-based SSH access only
  2. 2FA authentication
  3. fail2ban
  4. Individual firewall with iptables for specific IP ranges

2 Likes

And for God’s sake don’t open ports to the Kodi webserver, ’cause security in that is a joke.

https://osmc.tv/wiki/general/keeping-osmc-secure/
https://www.google.com/search?q=Kodi+Webserver+Security+Advisory+Exploits

Ahhhh, that’s gonna be an issue.