Best way to recover from ransomware attack

toz · December 20, 2021, 3:55pm

Unfortunately my NAS got hacked and was in the process of encrypting files. Fortunately I has insync open at the time, saw this was happening on the synced folder, and was able to stop it before it got too far.

Google drive is unaffected.

Now I will recover the NAS to a clean image with the loss hopefully of only a few hundred files. I am worried that when I unpause insync then it will try to delete the lost files from Google Drive.

What is the best sequence to force insync to download the lost files onto the NAS via the sync folders

mia · December 21, 2021, 5:44am

Hi @toz,

While Insync’s current behavior unsyncs a file that was deleted while the app was offline, I would rather not risk the possibility of any further deletions at the moment.

Best to disconnect the account and then sync the missing files onto the NAS afterwards. To do that, please remove the following:

logs.db
out.txt
“live” folder
“data” folder

These files are located on these file paths:

Linux: ~/.config/Insync
Mac: ~/Library/Application Support/Insync
Windows: search for %appdata%\Insync

Once you restart Insync, it’ll ask you to add your account again. Choose the NAS on Step 2 as your Base Folder, then on Step 6, click “Sync” - don’t select any of the files yet. Clicking “Sync” will trigger file-matching so that you don’t need to re-sync the files that were preserved in the NAS. After it’s finished scanning/file-matching, you can then download the files that were lost locally.

Let me know if you have questions or concerns on this!