Re: [arch-general] archlinux ext4 recovery file versioning
On 19 Apr 2017 16:21, "Kyle McNally via arch-general" <arch-general@archlinux.org> wrote:

>On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
>> On 17 Apr 2017 10:09 p.m., "Alex Theotokatos via arch-general" <
>> arch-general@archlinux.org> wrote:
>>
>> On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
>>
>>> Hi, I have a server in archlinux with samba. I have windows client in
>>> my house with mapped folder but a Trojan has entered and encrypted
>>> all files included server archlinux...
[...]
>Maybe, during encryption the files moved on some parental folder and then deleted. I think photorec might help here.
>You can start with testdisk and see what is deleted and not.

You can try this site
https://www.nomoreransom.org/

It might help you decrypt the files. File recovery most likely won't help.
(Unless you can 'recover' from a cloud based backup!)

Actually, file recovery (low-level) works very nicely with most ransomware infections. Especially since (in this case), the files were on another PC.

There are some gotchas though, like used disk space and time consumption. If those are not an issue, or acceptable; I've had great results with photorec on some sample machines.

Wrt backup: since the server itself wasn't involved, all local backups should be fine. Unless those were on a writable share, of course.

Kind regards,
Guus Snijders
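The low-level recovery discussed in this thread works by signature carving: the raw device is scanned for known file headers without consulting file system metadata, so a deleted original can be found as long as its blocks have not been reused. The following is an added illustration, not code from any poster or from PhotoRec; it is a simplified JPEG-only carver (it stops at the first end marker), and the sample disk images and all names in it are constructed for the example.

```python
BLOCK = 512                      # carve only at sector boundaries
JPEG_SOI = b"\xff\xd8\xff"       # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"           # JPEG end-of-image marker


def carve_jpegs(raw, max_size=16 * 1024 * 1024):
    """Return [(offset, data)] for JPEG-looking runs starting on a block boundary.

    File system metadata is never consulted, so deleted files are found as long
    as their data blocks have not been reused.
    """
    hits = []
    for off in range(0, len(raw), BLOCK):
        if raw[off:off + 3] != JPEG_SOI:
            continue
        end = raw.find(JPEG_EOI, off + 3, off + max_size)
        if end == -1:            # header survived, tail overwritten or too large
            continue
        hits.append((off, raw[off:end + 2]))
    return hits


def pad(data):
    """Zero-pad to a whole number of blocks, as data sits on disk."""
    return data + b"\x00" * (-len(data) % BLOCK)


# Constructed sample data (not from the thread).
ORIGINAL = JPEG_SOI + b"\xe0JFIF\x00" + b"A" * 700 + JPEG_EOI   # deleted plaintext
CIPHERTEXT = bytes((i * 131 + 17) % 256 for i in range(1024))   # stand-in for the encrypted copy

# Case 1: the encrypted copy was written elsewhere; old blocks are merely unallocated.
DISK_INTACT = pad(CIPHERTEXT) + pad(ORIGINAL) + bytes(BLOCK)
# Case 2: the first old block was reused; only the tail of the original survives.
DISK_REUSED = pad(CIPHERTEXT) + pad(ORIGINAL)[BLOCK:] + bytes(BLOCK)

if __name__ == "__main__":
    for name, disk in (("intact", DISK_INTACT), ("reused", DISK_REUSED)):
        found = carve_jpegs(disk)
        print(name, [(off, len(data)) for off, data in found])
```

On a real system the scan should run against a read-only image of the partition, with recovered files written to a different disk, so the blocks being searched are not overwritten.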
Re: [arch-general] archlinux ext4 recovery file versioning
On Wed, Apr 19, 2017 at 10:20:53AM -0400, Kyle McNally via arch-general wrote:
> >On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
> >> On 17 Apr 2017 10:09 p.m., "Alex Theotokatos via arch-general" <
> >> arch-general@archlinux.org> wrote:
> >>
> >> On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
> >>
> >>> Hi, I have a server in archlinux with samba. I have windows client in
> >>> my house with mapped folder but a Trojan has entered and encrypted
> >>> all files included server archlinux...
> >>>
> >>> Archlinux has formatted with ext4.
> >>>
> >>> Would it be possible to recover unencrypted files?
> >>>
> >> Maybe testdisk with photorec might help. Good luck...
> >>
> >>
> >>
> >> With testdisk is it possible to recover the original files without encryption?
> >It will not unlock the encrypted files, but photorec will swap all the disk
> >and can recover some files that 'theoretically' were deleted or tmp files.
> >Maybe, during encryption the files moved on some parental folder and then
> >deleted. I think photorec might help here.
> >You can start with testdisk and see what is deleted and not.
>
> You can try this site
> https://www.nomoreransom.org/
>
> It might help you decrypt the files. File recovery most likely won't help.
> (Unless you can 'recover' from a cloud based backup!)

Hi,

Did the Trojan infect the server? Were you able to isolate the malicious executable?

--
Kind regards,
Kai-Chun
Re: [arch-general] archlinux ext4 recovery file versioning
>On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
>> On 17 Apr 2017 10:09 p.m., "Alex Theotokatos via arch-general" <
>> arch-general@archlinux.org> wrote:
>>
>> On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
>>
>>> Hi, I have a server in archlinux with samba. I have windows client in
>>> my house with mapped folder but a Trojan has entered and encrypted
>>> all files included server archlinux...
>>>
>>> Archlinux has formatted with ext4.
>>>
>>> Would it be possible to recover unencrypted files?
>>>
>> Maybe testdisk with photorec might help. Good luck...
>>
>>
>>
>> With testdisk is it possible to recover the original files without encryption?
>It will not unlock the encrypted files, but photorec will swap all the disk
>and can recover some files that 'theoretically' were deleted or tmp files.
>Maybe, during encryption the files moved on some parental folder and then
>deleted. I think photorec might help here.
>You can start with testdisk and see what is deleted and not.

You can try this site
https://www.nomoreransom.org/

It might help you decrypt the files. File recovery most likely won't help.
(Unless you can 'recover' from a cloud based backup!)
Re: [arch-general] archlinux ext4 recovery file versioning
On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
> On 17 Apr 2017 10:09 p.m., "Alex Theotokatos via arch-general" <
> arch-general@archlinux.org> wrote:
>
> On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
>
>> Hi, I have a server in archlinux with samba. I have windows client in
>> my house with mapped folder but a Trojan has entered and encrypted
>> all files included server archlinux...
>>
>> Archlinux has formatted with ext4.
>>
>> Would it be possible to recover unencrypted files?
>>
> Maybe testdisk with photorec might help. Good luck...
>
> With testdisk is it possible to recover the original files without encryption?

It will not unlock the encrypted files, but photorec will swap all the disk and can recover some files that 'theoretically' were deleted or tmp files.
Maybe, during encryption the files moved on some parental folder and then deleted. I think photorec might help here.
You can start with testdisk and see what is deleted and not.
Re: [arch-general] archlinux ext4 recovery file versioning
On 17 Apr 2017 10:09 p.m., "Alex Theotokatos via arch-general" <arch-general@archlinux.org> wrote:

On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
> Hi, I have a server in archlinux with samba. I have windows client in my
> house with mapped folder but a Trojan has entered and encrypted all files
> included server archlinux...
>
> Archlinux has formatted with ext4.
>
> Would it be possible to recover unencrypted files?
>
Maybe testdisk with photorec might help. Good luck...

With testdisk is it possible to recover the original files without encryption?
Re: [arch-general] archlinux ext4 recovery file versioning
On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
> Hi, I have a server in archlinux with samba. I have windows client in my
> house with mapped folder but a Trojan has entered and encrypted all files
> included server archlinux...
>
> Archlinux has formatted with ext4.
>
> Would it be possible to recover unencrypted files?

Maybe testdisk with photorec might help. Good luck...
[arch-general] archlinux ext4 recovery file versioning
Hi, I have a server in archlinux with samba. I have windows client in my house with mapped folder but a Trojan has entered and encrypted all files included server archlinux...

Archlinux has formatted with ext4.

Would it be possible to recover unencrypted files?