June 12, 2020
Some nasty ransomware got me. It encrypted the vdisk1.img file of an Ubuntu VM while that VM is still up. Is there any way to recover/recreate that file from a running VM (from RAM?) before it is restarted? Same thing with my Android VM. The compromise was from a Windows PC on the network with an unsecured login. It had some UNRAID folders shared through SAMBA, so that's how the vdisks got encrypted. I already shut that Win PC down and have things under control. The Linux VM itself is clean and I want to maintain its contents and the environment that I set up. Only the UNRAID shares were impacted. Luckily no folder was shared in the VM itself.
Edited June 12, 2020 by frakman1
June 13, 2020
Since the VM is up, can you still copy your home folder content elsewhere? Pretty much anything critical in an Ubuntu install should be in your user's home folder. I'm fuzzy on how the file got encrypted while it was held open by KVM. Are you sure it was encrypted?
June 13, 2020 (Author)
Well I wanted the whole filesystem, not just my home dir. I didn't want to re-install and tweak everything from scratch. I ended up using rsync to a brand new VM with the same OS and that worked. Unfortunately, the Android VM didn't make it as it rebooted before I got to it. Yes, it absolutely did encrypt and rename the file and render it unreadable. That's why the Android VM couldn't boot.
This topic is now archived and is closed to further replies.