Ransomware and encryption


10 posts in this topic Last Reply

Recommended Posts

So if my server would ever get hit with ransomware and encryption can you just reformat the drives or are the drive some how locked?  I would never pay since I don’t have anything important so I can just redownload everything 

Link to post

From what I've seen most of the time your paying to unlock your data since that's the fear they throw over your head. Pay or loose access to your data and then they normally throw a clock on it to scare you even more. 

Link to post

Yeah I understand the paying part but I wouldn’t do that.  I’m wondering if I can reformat the drives lose all the data and start over or do they lock the drives somehow that they can’t be reformatted 

Link to post
30 minutes ago, squirrellydw said:

if I can reformat the drives lose all the data and start over

But before you do that, you have to figure out how they gained access onto your network in the first place, other wise it'll just happen again.  

Link to post
13 minutes ago, Squid said:

But before you do that, you have to figure out how they gained access onto your network in the first place, other wise it'll just happen again.  

Yes I realize that. Just wanted to make sure. I would hate to have buy new drives.  

Link to post

I would just consider everything on your system as possibly impacted. From your drives to your SSD and to your Flash Drive. 

 

Also who knows if anything else on your network could of been targeted or was the source in the first place. 

Link to post

@squirrellydw

 

Have you seen this script? I run it once a month on all my media shares and yes I've actually tried to modify my files to no avail.  I even created a few User.Scripts so I can just click a button to launch them as needed. Will it shut down a script? Probably, but a well versed knowing what hes doing person might get around it pretty fast, but I'm not going to make it that easy on them. ;)

 

 

Security.Lock.Media

#!/bin/bash
#noParity=true
#arrayStarted=true
/mnt/cache/appdata/scripts/no_ransom.sh --lock-files 'yes' --media-shares 'Movies,TV' --include-extensions '*.*' --debug 'yes'


echo "Sending Notification"
/usr/local/emhttp/plugins/dynamix/scripts/notify -e "$(date +%D-%H:%I) Media Locked" -d "$(date +%D-%H:%I) Media Locked" -i "normal" 
echo "."
echo "."
echo "done"

 

Basically the above calls a script that I have sitting on my SSD and I choose to lock Movies and TV share. You would create a script to the exact opposite of --lock-files 'no' to unlock them. I created a script to lock those and unlock those and separate ones to do just TV and just Movies. When its all said and done I get a message from my server telling me it locked or unlocked depending on what I did. 

 

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.