March 16, 2025
This night I found several files losing their format and becoming .iwanttocry
Is it ransomware? What can I do? At the moment I turned off the server.
March 16, 2025 Community Expert
Are you allowing access to your server from outside your LAN? How?
March 17, 2025 Community Expert
3 hours ago, Lybra85 said:
What can I do now? And how to recover files?

You're either lucky and for that version of WannaCry there's a public decryption tool available, or you have to restore from a backup. Although you still need to figure out what exactly got compromised.
Edited March 17, 2025 by Mainfrezzer
March 17, 2025 Community Expert
3 hours ago, Mainfrezzer said:
Although you still need to figure out what exactly got compromised.

@Lybra85, this! One thing to realize is that ransomware generally comes from a compromised client computer (usually running Windows). Most of the time that client was infected by the user on that computer clicking on a link or downloading a file to the client for some reason. As I understand it, most ransomware is looking for network drives, as that is where the biggest rewards are for the perpetrators. (Encrypting the hard drive of a single PC in a Fortune 500 company would cost them less than $500 if they just toss it out with the trash. Encrypting a major corporate database could cost millions!)
March 17, 2025 Author
7 hours ago, Mainfrezzer said:
You're either lucky and for that version of WannaCry there's a public decryption tool available, or you have to restore from a backup. Although you still need to figure out what exactly got compromised.

At the moment I am abroad on a business trip. Yesterday when I found the problem I switched off the server, and I will try on my return. Where can I find the tool? Regarding the infection, I connect to the server via a desktop PC with CachyOS; the problem may be the PC from the countryside with Win11, connected via WireGuard.
March 30, 2025 Author
Now I had a bit of time to check. I have a few files listed as [Original_name].want_to_cry
I don't know if it's a newer version of the ransomware.
I found a tool by TrendMicro but it's not detecting the files' encryption.
Do you have any suggestions?
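
Added example, not part of any post in this thread: a read-only Python sketch for the "figure out what exactly got compromised" step. It counts files carrying the two extensions reported above per top-level directory and shows their modification-time window, which can be compared with when each client was connected. The root path argument and the idea that modification times reflect when the encryption ran are assumptions.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime, timezone

# The two extensions reported in this thread.
SUFFIXES = (".want_to_cry", ".iwanttocry")

def scan(root, suffixes=SUFFIXES):
    """Walk root read-only; return per-top-level-directory counts and mtime window."""
    report = defaultdict(
        lambda: {"encrypted": 0, "intact": 0, "first": None, "last": None})
    root = os.path.abspath(root)
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        share = "." if rel == "." else rel.split(os.sep)[0]
        for name in files:
            entry = report[share]
            if not name.lower().endswith(suffixes):
                entry["intact"] += 1
                continue
            try:
                # lstat: do not follow symlinks out of the tree being examined.
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable entry, skip it
            entry["encrypted"] += 1
            first, last = entry["first"], entry["last"]
            entry["first"] = mtime if first is None else min(first, mtime)
            entry["last"] = mtime if last is None else max(last, mtime)
    return dict(report)

def fmt(ts):
    if ts is None:
        return "-"
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")

def summarize(report):
    """One line per top-level directory, sorted by name."""
    return [
        f"{share}: {e['encrypted']} encrypted, {e['intact']} intact, "
        f"window {fmt(e['first'])} .. {fmt(e['last'])}"
        for share, e in sorted(report.items())
    ]

if __name__ == "__main__":
    # Assumption: the path to examine is given as the first argument.
    for line in summarize(scan(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(line)
```

Directories with zero encrypted files show which shares were not reached; the timestamps are only a hint, since a file's modification time can be changed after the fact.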