Suspected ransomware attacks: Bulk file reads and deletions

Plex Media Server NAS & Devices

rdargus April 11, 2024, 7:38pm 1

Server Version#: 1.40.2.8351
Player Version# 4.128.1

Is this normal?

Synology Active Insight
Critical event:

Hostxxxx
Event detected at2024/04/11 02:04 Action advisorySign in to your host system to confirm that the file access was not malicious.

User: PlexMediaServer
Suspicious files: /volume1/PlexMediaServer/AppData/tmp/pms-f53252d6-dfc0-4cf7-8256-f15305b288f0/EasyAudioEncoder/Convert to WAV (to 8ch or less)/1a22618c-c42d-4bbe-a063-4d2a8c77be34_17605-0-8.wav, /volume1/PlexMediaServer/AppData/tmp/pms-f53252d6-dfc0-4cf7-8256-f15305b288f0/EasyAudioEncoder/Convert to WAV (to 8ch or less)/1a22618c-c42d-4bbe-a063-4d2a8c77be34_17605-0-9.wav, /volume1/PlexMediaServer/AppData/tmp/pms-f53252d6-dfc0-4cf7-8256-f15305b288f0/EasyAudioEncoder/Convert to WAV (to 8ch or less)/1a22618c-c42d-4bbe-a063-4d2a8c77be34_17605-0-10.wav, /volume1/PlexMediaServer/AppData/tmp/pms-f53252d6-dfc0-4cf7-8256-f15305b288f0/EasyAudioEncoder/Convert to WAV (to 8ch or less)/1a22618c-c42d-4bbe-a063-4d2a8c77be34_17605-0-11.wav, /volume1/PlexMediaServer/AppData/tmp/pms-f53252d6-dfc0-4cf7-8256-f15305b288f0/EasyAudioEncoder/Convert to WAV (to 8ch or less)/1a22618c-c42d-4bbe-a063-4d2a8c77be34_17605-0-12.wav
<If providing server logs please do NOT turn on verbose logging, only debug logging should be enabled>

trumpy81 April 13, 2024, 2:45pm 2

This is normal activity for Plex.

The details shown in your log snippet are the result of Plex transcoding the audio for one or more of the files in your library.

You should whitelist the /volume1/PlexMediaServer/AppData/tmp folder so this issue does not reoccur.

1 Like

rdargus April 13, 2024, 7:36pm 3

Thank you for your assistance…

Flytdeck April 26, 2024, 7:46pm 4

My thanks as well. Same problem.

rdargus April 26, 2024, 8:02pm 5

I reinstalled Plex and the problem went away. I never saw that Plex behavior in eight years.

leere68 April 30, 2024, 1:44am 6

This must be new behavior, because I’ve been running PMS on Synology NASes for years and this has never been an issue.

ChuckPa April 30, 2024, 2:19am 7

Synology never tells us what they implement.

We don’t even get advance release / beta of the OS anymore

system Closed July 29, 2024, 2:19am 8

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Plex Media is Deleting my Music Files NAS & Devices server-synology	3	100	March 31, 2021
Plex on Synology NAS. vid files sucked into an unknown portion of the disk NAS & Devices server-synology , library-management	10	93	June 3, 2022
Plex Installed several unknown files that can't be deleted Metadata & Adding Files server-windows	10	165	October 15, 2023
Synology Server (only running Plex) has filled up TBs of space and I can't figure out how to fix NAS & Devices server-synology	40	511	December 7, 2023
Plex Media Server deleted my files - need help! Desktops & Laptops server-windows	195	11798	August 19, 2020