
Re: Linux machine hit by ransomware



Hi,

On Wed, Jul 09, 2025 at 07:17:25AM -0400, Michael Stone wrote:
> On Mon, Jul 07, 2025 at 07:17:36AM +0200, john doe wrote:
> > In this case, a perimeter firewall will not help.
> > 
> > You likely got compromised by downloading something from the internet or
> > via e-mail.
> 
> That is unlikely if the generated files were owned by nobody rather than the
> user.

Indeed. Though, I would say that as it's looking very likely that this
happened on one of the devices that has things mounted by SMB, such as
one of the Windows computers or the Kodi device, this is probably going
to be some Windows software or a plugin for Kodi. As such, that's also
not going to be caught by any kind of firewall.

Having backups is certainly a lifesaver but I think it would be worth
OP's time to do an audit of what exactly is shared and if it really needs
to be writable. This kind of encryption ransomware is really common on
Windows. It just goes through every mounted drive looking for what it
can encrypt, so it doesn't care whether the drive is local or over SMB (or
what OS the Samba server is), just that it can write.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
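The share audit Andy suggests can be scripted. The following is an added example, not code from the thread: it parses an smb.conf, resolves Samba's `read only` switch and its inverse synonyms (`writable`, `writeable`, `write ok`, last one in a section wins), applies `[global]` defaults, and lists every share a client process could write to, including `write list` grants and guest-writable shares. The smb.conf embedded below is constructed for illustration; the share names and paths in it are not from the original post.

```python
"""Audit smb.conf for shares a compromised SMB client could write to (added example)."""
from __future__ import annotations
import re

TRUE_WORDS = {"yes", "true", "1", "on"}
FALSE_WORDS = {"no", "false", "0", "off"}
# Inverse synonyms of 'read only'; Samba treats them as the same switch
WRITE_SYNONYMS = {"writable", "writeable", "writeok"}


def _as_bool(value: str | None) -> bool | None:
    """Samba-style boolean; None when the value is missing or unrecognised."""
    if value is None:
        return None
    v = value.strip().lower()
    if v in TRUE_WORDS:
        return True
    if v in FALSE_WORDS:
        return False
    return None


def parse_smb_conf(text: str) -> dict[str, dict[str, str]]:
    """Parse smb.conf into {section: {key: value}}.

    Keys are lower-cased with internal whitespace removed (Samba ignores both),
    write synonyms are folded into 'readonly' so last-one-wins ordering holds,
    and comment lines starting with '#' or ';' are skipped.
    """
    sections: dict[str, dict[str, str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = re.sub(r"\s+", "", key).lower()
        value = value.strip()
        if key in WRITE_SYNONYMS:
            flag = _as_bool(value)
            if flag is None:
                continue
            key, value = "readonly", "no" if flag else "yes"
        sections[current][key] = value
    return sections


def audit_shares(text: str) -> list[dict]:
    """One finding per share, with its effective write exposure resolved."""
    conf = parse_smb_conf(text)
    global_params = conf.get("global", {})
    findings = []
    for name, params in conf.items():
        if name == "global":
            continue
        effective = {**global_params, **params}  # share settings override [global]
        # Samba's default is 'read only = yes'; unparseable values are treated as read only
        writable = _as_bool(effective.get("readonly")) is False
        write_list = [u for u in re.split(r"[,\s]+", effective.get("writelist", "")) if u]
        guest_ok = _as_bool(effective.get("guestok")) is True
        findings.append({
            "share": name,
            "path": effective.get("path", ""),
            "writable": writable,
            "guest_ok": guest_ok,
            "write_list": write_list,
            # anything some client user can write to is exactly what the malware looks for
            "needs_review": writable or bool(write_list),
        })
    return findings


def report(text: str) -> str:
    """Human-readable list of shares that need a writability review."""
    lines = []
    for f in audit_shares(text):
        if not f["needs_review"]:
            continue
        how = ("writable by all connecting users" if f["writable"]
               else "writable via write list: " + ", ".join(f["write_list"]))
        if f["guest_ok"]:
            how += " (guest ok)"
        lines.append(f"[{f['share']}] {f['path']}: {how}")
    return "\n".join(lines)


# Constructed sample configuration (hypothetical share names and paths)
SAMPLE_SMB_CONF = """
[global]
   workgroup = HOME
   read only = yes

[media]
   path = /srv/media
   comment = Films for the Kodi box
   writeable = yes
   guest ok = yes

[backups]
   path = /srv/backups
   read only = yes
   write list = backupuser

[docs]
   path = /srv/docs
   ; no write setting here: inherits read only = yes from [global]

[scratch]
   path = /srv/scratch
   writable = no
   read only = no
"""

if __name__ == "__main__":
    print(report(SAMPLE_SMB_CONF))
```

Run it against the real `/etc/samba/smb.conf` by passing the file contents to `report()`; every share it lists is one where a Windows client or a Kodi plugin with write access could encrypt files in place, so each should either be made `read only = yes` or be restricted with a `write list` to the single account that actually needs to write.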
