my O/S kernel project has been hacked with ransomware.

All off topic discussions go here. Everything from the funny thing your cat did to your favorite tv shows. Non-programming computer questions are ok too.
Post Reply
ggodw000
Member
Member
Posts: 396
Joined: Wed Nov 18, 2015 3:04 pm
Location: San Jose San Francisco Bay Area
Contact:

my O/S kernel project has been hacked with ransomware.

Post by ggodw000 »

Project was well maintained and was using VM as a boot target and now it has been hacked with [email protected].
Other than this project, there is not much else worth saving. If can not save, I have to restart everything :((((

my Full post at security forum is here:
https://www.cnet.com/forums/discussions ... elpqq-com/
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
User avatar
iansjack
Member
Member
Posts: 4685
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: my O/S kernel project has been hacked with ransomware.

Post by iansjack »

Is this a plain-text, source-code distribution or is it binaries?
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re: my O/S kernel project has been hacked with ransomware.

Post by Solar »

Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.

Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)
Every good solution is obvious once you've found it.
Octocontrabass
Member
Member
Posts: 5512
Joined: Mon Mar 25, 2013 7:01 pm

Re: my O/S kernel project has been hacked with ransomware.

Post by Octocontrabass »

https://www.nomoreransom.org/

If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.
ggodw000
Member
Member
Posts: 396
Joined: Wed Nov 18, 2015 3:04 pm
Location: San Jose San Francisco Bay Area
Contact:

Re: my O/S kernel project has been hacked with ransomware.

Post by ggodw000 »

Solar wrote:Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.

Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)
i should have and laxed and now paid the price. I backed up onto bitlocker encrypted usb HDD 1TB everything in my NAS drive.
Once if i managed to recover the VMM HDDs on which everything I have, I am going to wipe that infected drive!
It may still be possible that something could have jumped to the firmware of the low-end HP server I have but I am going to assume it has not happened.
That is after I dc-d infected drive and re-installed fresh Win server onto another drive, so far nothing happened.
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
ggodw000
Member
Member
Posts: 396
Joined: Wed Nov 18, 2015 3:04 pm
Location: San Jose San Francisco Bay Area
Contact:

Re: my O/S kernel project has been hacked with ransomware.

Post by ggodw000 »

Octocontrabass wrote:https://www.nomoreransom.org/

If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.
This is a good one, thanks! First I think I will duplicate the hdd.
Few years back, I made DOS utility that actually duplicates the entire drive using INT 13h calls, fair amout of work but simple, but alas, lost the code. :(
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
ggodw000
Member
Member
Posts: 396
Joined: Wed Nov 18, 2015 3:04 pm
Location: San Jose San Francisco Bay Area
Contact:

Re: my O/S kernel project has been hacked with ransomware.

Post by ggodw000 »

regarding cloning, i recall now linux's dd utility should do the trick as it performs block by block copy.
dd if=/dev/sd<source> of=/dev/sd<target>
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
ggodw000
Member
Member
Posts: 396
Joined: Wed Nov 18, 2015 3:04 pm
Location: San Jose San Francisco Bay Area
Contact:

Re: my O/S kernel project has been hacked with ransomware.

Post by ggodw000 »

duplication is done using linux dd. booted to both hdd and booting to exactly same image. now real work begins!
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
ggodw000
Member
Member
Posts: 396
Joined: Wed Nov 18, 2015 3:04 pm
Location: San Jose San Francisco Bay Area
Contact:

Re: my O/S kernel project has been hacked with ransomware.

Post by ggodw000 »

Good and bad new. But good one prevailed. Will start with bad news:
i fired up the infected PC and went to nomoreransom.org and they identified one of the file successfully with cryptoxxx. Two tools from uTrend and kasp. failed to work.
Good ones, decided to search for backup of hyperv file on my NAS drive and YES!! within second it shows that I saved all hyperv vhdd-s on that folder. I only to reconstruct VM now. I am going to write to [email protected] to give 'em some wild goose chase. Perhaps negotiate down to 25c for decryption help and if not agree tell 'em F-off!!
=D> =D>
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
Post Reply