
Re: Linux machine hit by ransomware




On 2025-07-09 18:43, David Christensen wrote:
> On 7/9/25 10:39, Rick Macdonald wrote:
>> I had a question that I forgot to add to my initial long post. This was since "top" didn't show any great CPU usage, could the encryption have been performed on another machine (Windows or one of my 3 Android Kodi boxes)? A number of you suggested exactly this.
>
> If you want to identify the source of the attack, one idea is to put the server on an isolated network segment, restore it to the configuration it had when the attacks occurred, and wait to see if the attacks resume.  If so, find the source.  If not, add a suspect computer to the isolated network segment and repeat.

In 30 years I've never seen an isolated network. May I ask how this might be done?

> If you want to remove malware from the Windows computer, run Windows Update, run a Windows Defender full scan, and run a Windows Defender offline scan.

Will do, thanks.


