OSDev.org
https://forum.osdev.org/

my O/S kernel project has been hacked with ransomware.
https://forum.osdev.org/viewtopic.php?f=11&t=33176
Page 1 of 1

Author:  ggodw000 [ Mon Sep 10, 2018 10:16 pm ]
Post subject:  my O/S kernel project has been hacked with ransomware.

The project was well maintained and was using a VM as a boot target, and now it has been hacked with decryphelp@qq.com.
Other than this project, there is not much else worth saving. If I cannot save it, I have to restart everything :((((

My full post at the security forum is here:
https://www.cnet.com/forums/discussions ... elpqq-com/

Author:  iansjack [ Mon Sep 10, 2018 11:37 pm ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

Is this a plain-text, source-code distribution or is it binaries?

Author:  Solar [ Tue Sep 11, 2018 2:47 am ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.

Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)

Author:  Octocontrabass [ Tue Sep 11, 2018 2:56 am ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

https://www.nomoreransom.org/

If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.

Author:  ggodw000 [ Tue Sep 11, 2018 5:17 pm ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

Solar wrote:
Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.

Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)


I should have, and I relaxed, and now I've paid the price. I backed up everything on my NAS drive onto a BitLocker-encrypted 1TB USB HDD.
Once I manage to recover the VMM HDDs, on which I have everything, I am going to wipe that infected drive!
It may still be possible that something could have jumped to the firmware of the low-end HP server I have, but I am going to assume it has not happened.
That is, after I disconnected the infected drive and re-installed a fresh Win Server onto another drive, so far nothing has happened.

Author:  ggodw000 [ Tue Sep 11, 2018 5:18 pm ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

Octocontrabass wrote:
https://www.nomoreransom.org/

If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.


This is a good one, thanks! First I think I will duplicate the HDD.
A few years back, I made a DOS utility that actually duplicates the entire drive using INT 13h calls; a fair amount of work but simple, but alas, I lost the code. :(

Author:  ggodw000 [ Tue Sep 11, 2018 10:01 pm ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

Regarding cloning, I recall now that Linux's dd utility should do the trick, as it performs a block-by-block copy.
dd if=/dev/sd<source> of=/dev/sd<target>
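The block-by-block clone described above, as an added example that is not from the original post: it images a suspect drive with dd and verifies the copy by hash before any decryption tool is run against it. The sample "disk" file and all paths are constructed for the demonstration; on a real machine the source would be the raw device and the image would go to separate, trusted storage.

```shell
#!/bin/sh
# Added example (not from the thread): clone a suspect drive block-by-block
# with dd, then verify the image by hash before any recovery tool touches it.
# File names are assumptions; on a real run SRC is the raw device.

# Constructed 1 MiB "disk" of random data so the example runs offline.
# 2048 sectors of 512 bytes keeps it sector-aligned, like a real drive.
make_sample_disk() {
    dd if=/dev/urandom of="$1" bs=512 count=2048 2>/dev/null
}

# Sector-sized reads with conv=noerror,sync: an unreadable sector is
# zero-filled and the copy continues instead of aborting, so a damaged
# drive still images. With no read errors the image is byte-identical.
clone_disk() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

hash_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Compare source and image hashes; returns 0 only when they match.
# Keep both hashes: they prove the copy you work on holds the same bytes
# that were on the infected drive.
verify_image() {
    src_sum=$(hash_of "$1")
    img_sum=$(hash_of "$2")
    printf 'source %s\nimage  %s\n' "$src_sum" "$img_sum"
    [ "$src_sum" = "$img_sum" ]
}

# Stand-alone run: image the constructed disk, verify, report.
# Run recovery tools on the image (or a second copy), never on the original.
main() {
    work=$(mktemp -d)
    make_sample_disk "$work/suspect.img"
    clone_disk "$work/suspect.img" "$work/clone.img"
    if verify_image "$work/suspect.img" "$work/clone.img"; then
        echo "clone verified; safe to attempt recovery on the copy"
    else
        echo "hash mismatch: do not trust this image" >&2
    fi
    rm -rf "$work"
}
main
```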

Author:  ggodw000 [ Fri Sep 14, 2018 10:12 am ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

Duplication is done using Linux dd. Booted to both HDDs and they boot to exactly the same image. Now the real work begins!

Author:  ggodw000 [ Sun Sep 16, 2018 2:26 pm ]
Post subject:  Re: my O/S kernel project has been hacked with ransomware.

Good and bad news. But the good one prevailed. Will start with the bad news:
I fired up the infected PC and went to nomoreransom.org, and they identified one of the files successfully as CryptoXXX. Two tools, from uTrend and Kasp., failed to work.
Good one: I decided to search for a backup of the Hyper-V files on my NAS drive and YES!! Within a second it showed that I had saved all the Hyper-V VHDs in that folder. I only need to reconstruct the VM now. I am going to write to decrypthelp@qq.com to give 'em a wild goose chase. Perhaps negotiate down to 25c for decryption help, and if they don't agree, tell 'em F-off!!
=D> =D>
