my O/S kernel project has been hacked with ransomware.
Posted: Mon Sep 10, 2018 10:16 pm
by ggodw000
Project was well maintained and was using VM as a boot target and now it has been hacked with
[email protected].
Other than this project, there is not much else worth saving. If I can't save it, I have to restart everything.
(((
My full post at the security forum is here:
https://www.cnet.com/forums/discussions ... elpqq-com/
Re: my O/S kernel project has been hacked with ransomware.
Posted: Mon Sep 10, 2018 11:37 pm
by iansjack
Is this a plain-text, source-code distribution or is it binaries?
Re: my O/S kernel project has been hacked with ransomware.
Posted: Tue Sep 11, 2018 2:47 am
by Solar
Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.
Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)
Re: my O/S kernel project has been hacked with ransomware.
Posted: Tue Sep 11, 2018 2:56 am
by Octocontrabass
https://www.nomoreransom.org/
If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.
Re: my O/S kernel project has been hacked with ransomware.
Posted: Tue Sep 11, 2018 5:17 pm
by ggodw000
Solar wrote:Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.
Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)
I should have, and was lax, and now I've paid the price. I had backed up everything on my NAS drive onto a BitLocker-encrypted 1TB USB HDD.
Once I manage to recover the VMM HDDs, on which everything I have is stored, I am going to wipe that infected drive!
It may still be possible that something could have jumped to the firmware of the low-end HP server I have, but I am going to assume it has not happened.
That is, after I dc'd the infected drive and re-installed a fresh Windows Server onto another drive, so far nothing has happened.
Re: my O/S kernel project has been hacked with ransomware.
Posted: Tue Sep 11, 2018 5:18 pm
by ggodw000
Octocontrabass wrote:https://www.nomoreransom.org/
If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.
This is a good one, thanks! First I think I will duplicate the HDD.
A few years back, I made a DOS utility that actually duplicates the entire drive using INT 13h calls; a fair amount of work, but simple. Alas, I lost the code.
Re: my O/S kernel project has been hacked with ransomware.
Posted: Tue Sep 11, 2018 10:01 pm
by ggodw000
Regarding cloning, I recall now that Linux's dd utility should do the trick, as it performs a block-by-block copy.
dd if=/dev/sd<source> of=/dev/sd<target>
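As an added illustration of the block-level clone-and-verify step described in this post (example code written for this page, not something the poster or the thread provided), the script below clones a constructed disk image with dd and checks the copy's SHA-256 hash against the source before anything is done with the original. It works on temporary files so it runs anywhere offline; the /dev/sd&lt;source&gt; and /dev/sd&lt;target&gt; device names from the post are the only thing you would substitute on real hardware, and the file names, sizes and sample data here are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): clone a drive block-for-block with dd and
# verify the clone cryptographically before touching the original. Constructed
# image files stand in for the source and target devices so this runs offline.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/infected.img"   # stands in for the infected source drive (/dev/sd<source>)
DST="$WORK/clone.img"      # stands in for the target drive (/dev/sd<target>)
SIZE_BYTES=4194304         # constructed 4 MiB "disk"

# Build a constructed source image: random filler plus a recognisable marker.
make_source() {
    dd if=/dev/urandom of="$SRC" bs=1M count=4 status=none
    printf 'constructed-sample-data' | dd of="$SRC" bs=1 seek=512 conv=notrunc status=none
}

# Block-level clone. conv=noerror,sync keeps reading past unreadable sectors
# (zero-filling them) instead of aborting, which matters on a drive you suspect is
# failing. Note that sync pads only the final partial block; a source whose size is
# a multiple of bs (as here) is copied exactly, so the hashes below will match.
clone_disk() {
    dd if="$1" of="$2" bs=1M conv=noerror,sync status=none
}

# Compare source and clone by SHA-256; prints "match" or "MISMATCH".
verify_clone() {
    src_sum="$(sha256sum "$1" | cut -d' ' -f1)"
    dst_sum="$(sha256sum "$2" | cut -d' ' -f1)"
    if [ "$src_sum" = "$dst_sum" ]; then echo match; else echo MISMATCH; fi
}

# Size of the clone in bytes, to confirm nothing was truncated.
clone_size() {
    wc -c < "$1" | tr -d ' '
}

make_source
clone_disk "$SRC" "$DST"
verify_clone "$SRC" "$DST"
clone_size "$DST"
```

The point of the hash check is that every later step (trying a decryptor, booting the clone, mounting it to pull files off) is done on the copy, and the original stays untouched as a known-good reference; if a recovery attempt damages the clone, it can be recreated from the source and the hash re-checked.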
Re: my O/S kernel project has been hacked with ransomware.
Posted: Fri Sep 14, 2018 10:12 am
by ggodw000
Duplication is done using Linux dd. Booted both HDDs and they boot to exactly the same image. Now the real work begins!
Re: my O/S kernel project has been hacked with ransomware.
Posted: Sun Sep 16, 2018 2:26 pm
by ggodw000
Good and bad news. But the good one prevailed. Will start with the bad news:
I fired up the infected PC and went to nomoreransom.org, and they identified one of the files successfully as CryptXXX. Two tools, from Trend and Kasp., failed to work.
Good ones: I decided to search for a backup of the Hyper-V files on my NAS drive and YES!! Within seconds it showed that I had saved all the Hyper-V VHDs in that folder. I only have to reconstruct the VM now. I am going to write to
[email protected] to give 'em some wild goose chase. Perhaps negotiate down to 25c for decryption help, and if they don't agree, tell 'em to F-off!!