Re: Linux machine hit by ransomware

To: debian-user@lists.debian.org
Subject: Re: Linux machine hit by ransomware
From: Detlef Vollmann <dv@vollmann.ch>
Date: Mon, 7 Jul 2025 21:44:11 +0200
Message-id: <[🔎] b1867d56-bdf7-4c9a-9c59-1eda696cbba7@vollmann.ch>
In-reply-to: <[🔎] aGs-553V71VZH526@furbag.home.arpa>
References: <[🔎] 764bc306-57ba-4194-ae45-ca1029b37083@shaw.ca> <[🔎] aGs-553V71VZH526@furbag.home.arpa>

On 7/7/25 05:28, Karl Vogel wrote:

On Sun 06 Jul 2025 at 22:55:22 (-0400), Rick Macdonald wrote:

After running Debian for nearly 30 years (and other distros prior to that),
my Linux server has been hit by a ransomware attack about 11 days ago.
I have backups, so nothing important has been lost at this point.


   That's the most important thing.

However, I can't figure out how it got in, how it works, if there are
executables on my computer that need to be cleaned, etc.


   You should consider the entire system compromised beyond repair.  Nuke and
   pave -- do a complete reinstall from scratch, restore from a known good
   backup, and re-enable services one at a time.


The main point is to find out which system was hit.
According to the description it looks like the Linux server itself
wasn't hit, but a different system that can access files on the server
via network...

  Detlef

Reply to:

Follow-Ups:
- Re: Linux machine hit by ransomware
  - From: <tomas@tuxteam.de>

References:
- Linux machine hit by ransomware
  - From: Rick Macdonald <rickmacd@shaw.ca>
- Re: Linux machine hit by ransomware
  - From: Karl Vogel <vogelke@pobox.com>

Prev by Date: Re: Linux machine hit by ransomware
Next by Date: Re: Linux machine hit by ransomware
Previous by thread: Re: Linux machine hit by ransomware
Next by thread: Re: Linux machine hit by ransomware
Index(es):
- Date
- Thread