[arch-general] archlinux ext4 recovery file versioning

Guus Snijders gsnijders at gmail.com
Wed Apr 19 16:39:12 UTC 2017


On 19 Apr 2017 16:21, "Kyle McNally via arch-general" <
arch-general at archlinux.org> wrote:

>On 04/17/2017 11:12 PM, Maykel Franco via arch-general wrote:
>> On 17 Apr 2017 10:09 p.m., "Alex Theotokatos via arch-general" <
>> arch-general at archlinux.org> wrote:
>>
>> On 04/17/2017 09:31 PM, Maykel Franco via arch-general wrote:
>>
>>> Hi, I have a server in archlinux with samba. I have windows client in
>>> my house with mapped folder but a Trojan has entered and encrypted
>>> all files included server archlinux...
[...]
>Maybe, during encryption the files moved on some parental folder and then
>deleted. I think photorec might help here.
>You can start with testdisk and see what is deleted and not.

You can try this site
https://www.nomoreransom.org/

It might help you decrypt the files. File recovery most likely won't help.
(Unless you can 'recover' from a cloud based backup!)


Actually, file recovery (low-level) works very nicely with most
ransomware infections. Especially since (in this case) the files were on
another PC.
There are some gotchas though, like used disk space and time consumption.
If those are not an issue, or are acceptable: I've had great results with
photorec on some sample machines.

Wrt backup: since the server itself wasn't involved, all local backups
should be fine. Unless those were on a writable share, of course.



Mvg, Guus Snijders

