On Wed, Apr 19, 2017 at 10:20:53AM -0400, Kyle McNally via arch-general wrote:
On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
El 17 abr. 2017 10:09 p. m., "Alex Theotokatos via arch-general" < arch-general@archlinux.org> escribió:
On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
Hi, I have a server in archlinux with samba. I have windows client in my house with mapped folder but a Trojan has entered and encrypted all files included server archlinux...
Archlinux has formated with ext4.
Would it be possible to recover unencrypted files?
Maybe testdisk with photorec might help. Good luck...
With testisk os posible recovery original files without encrypt? It will not unlock the encrypted files, but photorec will swap all the disk and can recover some files that 'theoretically' was deleted or tmp files. Maybe, during encryption the files moved on some parental folder and then deleted. i think photorec might help here. You can start with testdisk and see what is deleted and not.
You can try this site https://www.nomoreransom.org/
It might help you decrypt the files. File recovery most likely won't help. (Unless you can 'recover' from a cloud based backup!)
Hi, Did the trojen infect the server? Were you able to isolate the malicious executable? -- Kind regards, Kai-Chun