September 4, 2015 (Author)

> Agree this is a scary issue. It's the first time I can recall that somebody had a virus like this propagate to the UnRAID server from the infected PC. I'm convinced it's because of the mapped drive -- so that's the first thing I'd eliminate. This should also be a wake-up call for anyone who doesn't have a robust backup strategy !!

It wasn't just the mapped drives.. it was any drive it could see and write to on the LAN.
September 4, 2015 (Author)

I wonder if some of the files could be recoverable with a filesystem level scan for deleted files. Does ReiserFS have anything like that? For the Windows machine, I looked in the recycle bin and there was nothing.
September 4, 2015

> I wonder if some of the files could be recoverable with a filesystem level scan for deleted files.

This doesn't work on Windows PCs with these infections -- the files aren't copied/deleted ... they're encrypted in place and then simply renamed. I doubt it would be any different on the Linux files, but I suppose it wouldn't hurt to check. Since they were accessed via a shared drive in Windows, however, I wouldn't expect any different results.
September 4, 2015

> > Agree this is a scary issue. It's the first time I can recall that somebody had a virus like this propagate to the UnRAID server from the infected PC. I'm convinced it's because of the mapped drive -- so that's the first thing I'd eliminate. This should also be a wake-up call for anyone who doesn't have a robust backup strategy !!
>
> It wasn't just the mapped drives.. it was any drive it could see and write to on the LAN.

That's interesting. I've known a couple folks who've had this virus over the past few years, and none of their other PCs were harmed ... even though they were all on the same LAN and had some shared folders. But they always accessed the shares via the network addresses [e.g. \\PCName\Sharename] and not via mapped drives. Sounds like this virus was more aggressive in its network scanning.
September 4, 2015

> Sounds like this virus was more aggressive in its network scanning.

And that is the scary part! As somebody posted earlier, the source code has been posted of at least one of the variants of this virus, so things could get pretty hairy sooner rather than later. I am going to look at what I can do this weekend, because my wife could end up doing the same thing to our data. I cannot afford to lose all our recent baby pictures. Looks like a physical backup is in order for this weekend.
September 4, 2015

These encryption malware are better known as ransomware. Your misfortune points out the importance of making sure that everything we store that is important to us (financials, work docs, photo and music collections, family videos, etc) MUST also be backed up to a normally inaccessible location, at least inaccessible to modification. Options include -

* Removable drives, only attached for the periodic backup
* Encrypted volumes, only accessible while open
* Read only remote storage, not a local read only flag(!), but truly read only by the current logged in user
* CDs, DVDs, etc, basically the same as removable drives, but also essentially read only
* Storage in multiple locations, one of which is only available by controlled access, briefly
* probably other methods too, that maintain an additional copy of everything that's important to us, but are inaccessible to modification by their nature or without something secret (reasonably unbreakable)

This is also a reason why inexpert users should be set up with only limited user rights, not administrator rights. This has been shown to limit the damage at times. And of course, keep anti-malware tools updated.

One more thing.. Don't marry a non tech savvy woman!! grrr...

... and, of course, don't allow a Microsoft O/S anywhere near your network!
November 5, 2015

jbuszkie, if the problem persists, try this http://soft2secure.com/knowledgebase/ccc-file