On Wed, Apr 19, 2017 at 10:20:53AM -0400, Kyle McNally via arch-general wrote: > >On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote: > >> El 17 abr. 2017 10:09 p. m., "Alex Theotokatos via arch-general" < > >> arch-general@xxxxxxxxxxxxx> escribió: > >> > >> On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote: > >> > >>> Hi, I have a server in archlinux with samba. I have windows client in > >>> my house with mapped folder but a Trojan has entered and encrypted > >>> all files included server archlinux... > >>> > >>> Archlinux has formated with ext4. > >>> > >>> Would it be possible to recover unencrypted files? > >>> > >> Maybe testdisk with photorec might help. Good luck... > >> > >> > >> > >> With testisk os posible recovery original files without encrypt? > >It will not unlock the encrypted files, but photorec will swap all the disk and can recover some files that 'theoretically' was deleted or tmp files. > >Maybe, during encryption the files moved on some parental folder and then deleted. i think photorec might help here. > >You can start with testdisk and see what is deleted and not. > > You can try this site > https://www.nomoreransom.org/ > > It might help you decrypt the files. File recovery most likely won't help. (Unless you can 'recover' from a cloud based backup!) Hi, Did the trojen infect the server? Were you able to isolate the malicious executable? -- Kind regards, Kai-Chun
Attachment:
signature.asc
Description: PGP signature
