[arch-general] archlinux ext4 recovery file versioning
Kai-Chun Ning
kaichun.ning at gmail.com
Wed Apr 19 14:55:18 UTC 2017
On Wed, Apr 19, 2017 at 10:20:53AM -0400, Kyle McNally via arch-general wrote:
> >On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
> >> El 17 abr. 2017 10:09 p. m., "Alex Theotokatos via arch-general" <
> >> arch-general at archlinux.org> escribió:
> >>
> >> On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
> >>
> >>> Hi, I have a server in archlinux with samba. I have windows client in
> >>> my house with mapped folder but a Trojan has entered and encrypted
> >>> all files included server archlinux...
> >>>
> >>> Archlinux has formated with ext4.
> >>>
> >>> Would it be possible to recover unencrypted files?
> >>>
> >> Maybe testdisk with photorec might help. Good luck...
> >>
> >>
> >>
> >> With testisk os posible recovery original files without encrypt?
> >It will not unlock the encrypted files, but photorec will swap all the disk and can recover some files that 'theoretically' was deleted or tmp files.
> >Maybe, during encryption the files moved on some parental folder and then deleted. i think photorec might help here.
> >You can start with testdisk and see what is deleted and not.
>
> You can try this site
> https://www.nomoreransom.org/
>
> It might help you decrypt the files. File recovery most likely won't help. (Unless you can 'recover' from a cloud based backup!)
Hi,
Did the trojen infect the server? Were you able to isolate the
malicious executable?
--
Kind regards,
Kai-Chun
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 906 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20170419/89b1ce41/attachment.asc>
More information about the arch-general
mailing list