Re: Linux machine hit by ransomware

To: debian-user@lists.debian.org
Subject: Re: Linux machine hit by ransomware
From: Joe <joe@jretrading.com>
Date: Tue, 8 Jul 2025 10:56:47 +0100
Message-id: <[🔎] 20250708105647.030b5a96@jrenewsid.jretrading.com>
In-reply-to: <[🔎] aGymUWk1EZabgbtz@tuxteam.de>
References: <[🔎] 764bc306-57ba-4194-ae45-ca1029b37083@shaw.ca> <[🔎] aGs-553V71VZH526@furbag.home.arpa> <[🔎] b1867d56-bdf7-4c9a-9c59-1eda696cbba7@vollmann.ch> <[🔎] aGymUWk1EZabgbtz@tuxteam.de>

On Tue, 8 Jul 2025 07:02:09 +0200
<tomas@tuxteam.de> wrote:

> On Mon, Jul 07, 2025 at 09:44:11PM +0200, Detlef Vollmann wrote:
> 
> [...]
> 
> > The main point is to find out which system was hit.
> > According to the description it looks like the Linux server itself
> > wasn't hit, but a different system that can access files on the
> > server via network...  
> 
> Yes. The guess put forward elsewhere in this thread that it was
> perhaps a Windows client over Samba is pretty compelling. Especially
> the observation that only world-writable files were hit is a finger
> pointing in this direction.
> 
Presumably if there was 8-year-old Linux ransomware, we would know about
it already. I think it is fairly certain it was a Windows machine that
was compromised.

-- 
Joe

Reply to:

References:
- Linux machine hit by ransomware
  - From: Rick Macdonald <rickmacd@shaw.ca>
- Re: Linux machine hit by ransomware
  - From: Karl Vogel <vogelke@pobox.com>
- Re: Linux machine hit by ransomware
  - From: Detlef Vollmann <dv@vollmann.ch>
- Re: Linux machine hit by ransomware
  - From: <tomas@tuxteam.de>

Prev by Date: Re: Linux machine hit by ransomware
Next by Date: Package identification
Previous by thread: Re: Linux machine hit by ransomware
Next by thread: Re: Linux machine hit by ransomware
Index(es):
- Date
- Thread