I need help with mounting drives (OMV hacked ransomware new install)

perkunas · Apr 20th 2024

My OMV got hacked ransomware all files encrypted.

I'm trying to do a new install OMV. The hard drives show up as raid 10 (this is what I want). But I cant wipe them, the quick wipe does not work, and the long one goes to 99 percent then fails. I cant create a file they do not show up. Maybe i need to do this command line not sure I'm no expert need help.

tnx

gderf · Apr 20th 2024

I have no help for your problem, but I am curious to know what services you had exposed to the internet that allowed you to be attacked.

ryecoaaron · Apr 20th 2024

Quote from perkunas

The hard drives show up as raid 10 (this is what I want). But I cant wipe them, the quick wipe does not work, and the long one goes to 99 percent then fails. I cant create a file they do not show up. Maybe i need to do this command line not sure I'm no expert need help.

I would delete the array and then quick wipe each disk in the array. Then recreate the array.

ryecoaaron · Apr 20th 2024

Why are you using snapraid with mdadm raid? What is the output of: cat /proc/mdstat

perkunas · Apr 20th 2024

It still in raid, yet snapraid shows nothing no drives no array nothing.

Under disks the quick format wont work and the secure one fails at 99 percent.

This cant be that hard.

root@NAS:~# NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS

sda 8:0 0 238.5G 0 disk

├─sda1 8:1 0 237.5G 0 part /

├─sda2 8:2 0 1K 0 part

└─sda5 8:5 0 976M 0 part [SWAP]

sdb 8:16 0 5.5T 0 disk

└─md127 9:127 0 10.9T 0 raid10

sdc 8:32 0 5.5T 0 disk

└─md127 9:127 0 10.9T 0 raid10

sdd 8:48 0 5.5T 0 disk

└─md127 9:127 0 10.9T 0 raid10

sde 8:64 0 5.5T 0 disk

└─md127 9:127 0 10.9T 0 raid10

root@NAS:~#

perkunas · Apr 20th 2024

root@NAS:~# cat /proc/mdstat

Personalities : [raid10] [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4]

md127 : active (auto-read-only) raid10 sdc[3] sdd[0] sde[2] sdb[1]

11720780800 blocks super 1.2 512K chunks 2 near-copies [4/4] [UUUU]

bitmap: 0/88 pages [0KB], 65536KB chunk

unused devices: <none>

root@NAS:~#

Not sure what this means...

ryecoaaron · Apr 20th 2024

Quote from perkunas

Not sure what this means...

Post the output of:

sudo mdadm --readwrite /dev/md127

sudo wipefs /dev/md127

And you still didn't say why you are using snapraid.

perkunas · Apr 20th 2024

I will post the output in a second. The original raid was made in snapraid, and the mdadm raid i don't understand where is it or how to use it.

perkunas · Apr 20th 2024

root@NAS:~# sudo mdadm --readwrite /dev/md127

root@NAS:~# sudo wipefs /dev/md127

DEVICE OFFSET TYPE UUID LABEL

md127 0x438 ext4 8f16d950-088e-4e9c-a258-15b6abb919d6

root@NAS:~#

ryecoaaron · Apr 20th 2024

Quote from perkunas

The original raid was made in snapraid, and the mdadm raid i don't understand where is it or how to use it.

snapraid and md raid are VERY different. you have md raid. Which do you want?

perkunas · Apr 20th 2024

I can mount a file system /dev/md127 [EXT4, 10.91 TiB] I have no Idea what this is, it could be the raid.

ryecoaaron · Apr 20th 2024

Quote from perkunas

have no Idea what this is, it could be the raid.

Yes, there is a raid 10 array with an ext4 filesystem on it. You aren't answering my other questions so I don't know what you are trying to do. You should be able to mount the filesystem and do what you want.

perkunas · Apr 20th 2024

I don't care what raid to use, I just need it working with your help of course. I owe you a beer.

I wanted to format the raid it is old and was hacked (ransomware)

perkunas · Apr 21st 2024

I'm beginning to think the drive is empty anyway (no need to format) I'm probably spinning my wheels for nothing.

perkunas · Apr 21st 2024

Ok I feel dumb now the Multiple Device was not there, after a refresh its now there and it says raid 10. I still owe you the beer though.

I need help with mounting drives (OMV hacked ransomware new install)

Participate now!

Tags