Is there any kind of command to know about number of connection that infect a Synology?

Jorge Luis Ojeda
Jorge Luis Ojeda used Ask the Experts™
on
Hello Everybody:

I saw with a company which was affected with some files with a ransomware Gryphon on their Synology NAS, but we need to know the files or user where affected the NAS, in order to avoid more infection on the NAS.

Is there any kind of command in synology using with ssh conection on the Synology or by web in order to investigate where was infection?

Note: We disconect the NAS from the network, to avoid more infection, but we need to find where or which user started the infection.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016
Commented:
who is the owner/creator of the infected files?
btanExec Consultant
Distinguished Expert 2018
Commented:
Isolate the affected system if not done so.
Check out the file property of the files affected as mentioned by expert. Includes traces (below) from the ransomware.
Check out the replicated and backup files of NAS if they are affected and if so, who/when have last access.
Check out the USB drive allowed in the server and machine connected to the NAS.
Check out the email system to check for suspicious phishing email (below) and trace recipients of the email.
Check out the firewall logs of the affected machine and system on latest traffic coming from the user machine and other servers

In fact,  Gryphon Ransomware may be delivered to victims through the use of corrupted spam email attachments. These spam email attachments may take the form of Microsoft Word documents that use corrupted macro scripts to download and install the Gryphon Ransomware onto the victim's computer. The Gryphon Ransomware infects computer users with the Windows operating system and runs as an executable file named 'payload.exe' on the infected computer.
Distinguished Expert 2018
Commented:
You should be analyzing things like modification dates and owner to get a better idea.
btanExec Consultant
Distinguished Expert 2018

Commented:
For author advice.
btanExec Consultant
Distinguished Expert 2018

Commented:
No further inputs.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial