Hi,

On Wed, Jul 09, 2025 at 07:17:25AM -0400, Michael Stone wrote:
> On Mon, Jul 07, 2025 at 07:17:36AM +0200, john doe wrote:
> > In this case, a perimeter firewall will not help.
> >
> > You likely got compromised by downloading something from the internet or
> > via e-mail.
>
> That is unlikely if the generated files were owned by nobody rather than the
> user.

Indeed. Though, I would say that as it's looking very likely that this happened on one of the devices that has things mounted by SMB, such as one of the Windows computers or the Kodi device, this is probably going to be some Windows software or a plugin for Kodi. As such, that's also not going to be caught by any kind of firewall.

Having backups is certainly a lifesaver but I think it would be worth OP's time to do an audit of what exactly is shared and if it really needs to be writable.

This kind of encryption ransomware is really common on Windows. It just goes through every mounted drive looking for what it can encrypt, so it doesn't care that the drive is local or over SMB (or what OS the Samba server is), just that it can write.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
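
The share audit suggested above, as an added example that is not part of the original message: this Python script reads an smb.conf and reports every share a client can write to, either because `read only` is off (including its inverted synonyms `writeable`, `writable` and `write ok`) or because a `write list` grants write access, and whether guests are allowed in. The sample configuration, share names and user are constructed, and `include` and `copy` directives are assumed absent.

```python
import re
# Constructed sample smb.conf for illustration; not taken from the thread.
SAMPLE = """\
[global]
   map to guest = Bad User
[media]
   path = /srv/media
   guest ok = yes
   writeable = yes
[backups]
   path = /srv/backups
   write list = alice
"""
TRUE = {"yes", "true", "on", "1"}
INVERTED = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"

def parse(text):
    """Return {section: {param: value}} with synonyms folded onto one key."""
    sections, cur = {}, None
    for line in text.replace("\\\n", "").splitlines():  # join continuation lines
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = sections.setdefault(m.group(1).strip().lower(), {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            key, val = "".join(key.split()).lower(), val.strip()  # names ignore case/spaces
            if key in INVERTED:
                key, val = "readonly", ("no" if val.lower() in TRUE else "yes")
            cur[{"public": "guestok"}.get(key, key)] = val  # last setting wins
    return sections

def audit(text):
    """Return the shares that at least one client can write to."""
    conf = parse(text)
    glob = conf.pop("global", {})
    report = {}
    for name, sec in conf.items():
        eff = {**glob, **sec}  # share-level values override [global] defaults
        writable = eff.get("readonly", "yes").lower() not in TRUE  # default is read only
        write_list = eff.get("writelist", "").replace(",", " ").split()
        if writable or write_list:  # a write list overrides "read only = yes"
            guest = eff.get("guestok", "no").lower() in TRUE
            report[name] = {"writable": writable, "guest": guest, "write_list": write_list}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it on the output of `testparm -s` rather than on the raw file audits the configuration Samba actually loads.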

