Is there any kind of command to know about number of connection that infect a Synology?

Hello Everybody:

I saw with a company which was affected with some files with a ransomware Gryphon on their Synology NAS, but we need to know the files or user where affected the NAS, in order to avoid more infection on the NAS.

Is there any kind of command in synology using with ssh conection on the Synology or by web in order to investigate where was infection?

Note: We disconect the NAS from the network, to avoid more infection, but we need to find where or which user started the infection.
Jorge Luis OjedaCEOAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPRetiredCommented:
who is the owner/creator of the infected files?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
Isolate the affected system if not done so.
Check out the file property of the files affected as mentioned by expert. Includes traces (below) from the ransomware.
Check out the replicated and backup files of NAS if they are affected and if so, who/when have last access.
Check out the USB drive allowed in the server and machine connected to the NAS.
Check out the email system to check for suspicious phishing email (below) and trace recipients of the email.
Check out the firewall logs of the affected machine and system on latest traffic coming from the user machine and other servers

In fact,  Gryphon Ransomware may be delivered to victims through the use of corrupted spam email attachments. These spam email attachments may take the form of Microsoft Word documents that use corrupted macro scripts to download and install the Gryphon Ransomware onto the victim's computer. The Gryphon Ransomware infects computer users with the Windows operating system and runs as an executable file named 'payload.exe' on the infected computer.
You should be analyzing things like modification dates and owner to get a better idea.
btanExec ConsultantCommented:
For author advice.
btanExec ConsultantCommented:
No further inputs.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.