Re: Linux machine hit by ransomware
On 2025-07-07, Karl Vogel <vogelke@pobox.com> wrote:
>>> On Sun 06 Jul 2025 at 22:55:22 (-0400), Rick Macdonald wrote:
>
>> After running Debian for nearly 30 years (and other distros prior to that),
>> my Linux server has been hit by a ransomware attack about 11 days ago.
>> I have backups, so nothing important has been lost at this point.
>
> That's the most important thing.
>
>> However, I can't figure out how it got in, how it works, if there are
>> executables on my computer that need to be cleaned, etc.
>
> You should consider the entire system compromised beyond repair. Nuke and
> pave -- do a complete reinstall from scratch, restore from a known good
> backup, and re-enable services one at a time.

That's what I'd do, nuke and pave. Yet there remains the key, forensic
question of how the server became contaminated in the first place.