Op 19 apr. 2017 16:21 schreef "Kyle McNally via arch-general" < arch-general@archlinux.org>:
On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
El 17 abr. 2017 10:09 p. m., "Alex Theotokatos via arch-general" < arch-general@archlinux.org> escribió:
On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
Hi, I have a server in archlinux with samba. I have windows client in my house with mapped folder but a Trojan has entered and encrypted all files included server archlinux... [...] Maybe, during encryption the files moved on some parental folder and then deleted. i think photorec might help here. You can start with testdisk and see what is deleted and not.
You can try this site https://www.nomoreransom.org/ It might help you decrypt the files. File recovery most likely won't help. (Unless you can 'recover' from a cloud based backup!) Actually, filerecovery (lowlevel) works very nice with most ransomware-infections. Especially since (in this case), the files were on another pc. There are some gotchas though, like used diskspace and time consumption. If those are not an issue, or acceptable; i've had great results with photorec on some sample machines. Wrt backup: since the server itself wasn't involved, all local backups should be fine. Unless those were on a writable share, of course. Mvg, Guus Snijders