my O/S kernel project has been hacked with ransomware.
Project was well maintained and was using VM as a boot target and now it has been hacked with [email protected].
Other than this project, there is not much else worth saving. If I cannot save it, I have to restart everything (((
My full post at the security forum is here:
https://www.cnet.com/forums/discussions ... elpqq-com/
-
- Member
- Posts: 396
- Joined: Wed Nov 18, 2015 3:04 pm
- Location: San Jose San Francisco Bay Area
- Contact:
key takeaway after spending yrs in the sw industry: a big issue is small because everyone jumps on it and fixes it. a small issue is big since everyone ignores it and it causes catastrophe later. #devilisinthedetails
Re: my O/S kernel project has been hacked with ransomware.
Is this a plain-text, source-code distribution or is it binaries?
Re: my O/S kernel project has been hacked with ransomware.
Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.
Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)
Every good solution is obvious once you've found it.
-
- Member
- Posts: 5512
- Joined: Mon Mar 25, 2013 7:01 pm
Re: my O/S kernel project has been hacked with ransomware.
https://www.nomoreransom.org/
If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.
Re: my O/S kernel project has been hacked with ransomware.
Solar wrote:
Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.
Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)

I should have, but I got lax and now paid the price. I backed up everything in my NAS drive onto a bitlocker encrypted usb HDD 1TB.
Once I have managed to recover the VMM HDDs on which I have everything, I am going to wipe that infected drive!
It may still be possible that something could have jumped to the firmware of the low-end HP server I have, but I am going to assume it has not happened.
That is, after I dc-d the infected drive and re-installed a fresh Win server onto another drive, so far nothing has happened.
Re: my O/S kernel project has been hacked with ransomware.
Octocontrabass wrote:
https://www.nomoreransom.org/
If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.

This is a good one, thanks! First I think I will duplicate the hdd.
A few years back, I made a DOS utility that actually duplicates the entire drive using INT 13h calls, a fair amount of work but simple, but alas, I lost the code.
Re: my O/S kernel project has been hacked with ransomware.
Regarding cloning, I recall now that Linux's dd utility should do the trick, as it performs a block-by-block copy.
dd if=/dev/sd<source> of=/dev/sd<target>
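The dd duplication discussed in the post above, as an added example that is not part of the original thread: it goes one step further and hashes source and copy, so the clone is confirmed identical before any decryption tool is tried on it. The helper names `clone_and_verify` and `hash_prefix` are hypothetical; the arguments may be block devices or image files.

```shell
#!/bin/sh
# Added example: dd block copy followed by a hash check of source and copy.
# clone_and_verify and hash_prefix are hypothetical helper names.

# SHA-256 of the first $2 bytes of file or device $1.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Copy $1 onto $2 block for block; print the hash on success, return 1 on mismatch.
clone_and_verify() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    [ "$src" != "$dst" ] || { echo "source and target are identical" >&2; return 2; }

    # Byte length of the source: block devices need blockdev, files use wc.
    if [ -b "$src" ]; then
        size=$(blockdev --getsize64 "$src")
    else
        size=$(( $(wc -c < "$src") ))
    fi

    # conv=fsync makes dd flush the target to disk before it exits.
    dd if="$src" of="$dst" bs=4M conv=fsync status=none || return 2

    # The target may be larger than the source, so hash only the copied length.
    src_hash=$(hash_prefix "$src" "$size")
    dst_hash=$(hash_prefix "$dst" "$size")
    if [ "$src_hash" != "$dst_hash" ]; then
        echo "copy does not match source" >&2
        return 1
    fi
    echo "$src_hash"
}

# Usage: sh clone.sh /dev/sd<source> /dev/sd<target>
if [ "$#" -eq 2 ]; then
    clone_and_verify "$1" "$2"
fi
```

Run it from a live Linux environment with neither disk mounted, so nothing writes to the source between the copy and the hash.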
Re: my O/S kernel project has been hacked with ransomware.
Duplication is done using Linux dd. Booted to both HDDs and both boot to exactly the same image. Now the real work begins!
Re: my O/S kernel project has been hacked with ransomware.
Good and bad news. But the good one prevailed. Will start with the bad news:
I fired up the infected PC and went to nomoreransom.org and they successfully identified one of the files as cryptoxxx. Two tools from uTrend and kasp. failed to work.
The good news: I decided to search for a backup of the hyperv files on my NAS drive and YES!! Within a second it showed that I saved all hyperv vhdd-s in that folder. I only need to reconstruct the VM now. I am going to write to [email protected] to give 'em some wild goose chase. Perhaps negotiate down to 25c for decryption help and, if they do not agree, tell 'em F-off!!