OSDev.org

The Place to Start for Operating System Developers
All times are UTC - 6 hours
 Post subject: my O/S kernel project has been hacked with ransomware.
PostPosted: Mon Sep 10, 2018 10:16 pm 

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 326
Location: San Jose San Francisco Bay Area
The project was well maintained and was using a VM as a boot target, and now it has been hacked with decryphelp@qq.com.
Other than this project, there is not much else worth saving. If I cannot save it, I have to restart everything :((((

My full post at the security forum is here:
https://www.cnet.com/forums/discussions ... elpqq-com/

_________________
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails


 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Mon Sep 10, 2018 11:37 pm 

Joined: Sat Mar 31, 2012 3:07 am
Posts: 3307
Location: Chichester, UK
Is this a plain-text, source-code distribution or is it binaries?


 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Tue Sep 11, 2018 2:47 am 

Joined: Thu Nov 16, 2006 12:01 pm
Posts: 7315
Location: Germany
Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.

Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)

_________________
Every good solution is obvious once you've found it.


 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Tue Sep 11, 2018 2:56 am 

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 1342
https://www.nomoreransom.org/

If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.


 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Tue Sep 11, 2018 5:17 pm 

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 326
Location: San Jose San Francisco Bay Area
Solar wrote:
Generally speaking, if you have a halfway-recent backup of your "productive" files (as you should), use that and just don't bother with "recovery". Your system was infected. You cannot trust it anymore.

Do a clean format of your hard drive(s). Reinstall your OS. Scan your backup thoroughly for malware, and recover "productive" files only. (I.e., recover source files, personal photos etc., but do set up third-party software from scratch.)


I should have, but I got lax, and now I have paid the price. I backed up everything in my NAS drive onto a BitLocker-encrypted 1TB USB HDD.
Once I manage to recover the VMM HDDs on which I have everything, I am going to wipe that infected drive!
It may still be possible that something could have jumped to the firmware of the low-end HP server I have, but I am going to assume that has not happened.
That is, after I disconnected the infected drive and re-installed a fresh Windows Server onto another drive, so far nothing has happened.



 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Tue Sep 11, 2018 5:18 pm 

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 326
Location: San Jose San Francisco Bay Area
Octocontrabass wrote:
https://www.nomoreransom.org/

If you're lucky, a decryption tool may already exist. Otherwise, you'll have to start over from scratch, with better backups this time.


This is a good one, thanks! First I think I will duplicate the HDD.
A few years back, I made a DOS utility that actually duplicates the entire drive using INT 13h calls, a fair amount of work but simple, but alas, I lost the code. :(



 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Tue Sep 11, 2018 10:01 pm 

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 326
Location: San Jose San Francisco Bay Area
Regarding cloning, I recall now that Linux's dd utility should do the trick, as it performs a block-by-block copy.
dd if=/dev/sd<source> of=/dev/sd<target>



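The decryptor suggestion and the dd cloning step above go together: any recovery attempt should run against a verified block-for-block copy, never against the only surviving disk. The script below is an added example, not code from the thread; it wraps dd the way a forensic imaging step would, and the source, target and temp paths are assumptions (in real use the source is the infected disk, opened read-only, and the target a blank disk or an image file on clean storage).

```shell
#!/bin/sh
# Added example, not from the thread: image a suspect disk block-for-block with
# dd, then prove the image matches before doing any recovery work on it.
# Paths are assumptions: SRC would be the infected disk (e.g. /dev/sdX, never
# mounted read-write), DST a blank disk or an image file on clean storage.

# Copy every block of $1 to $2. conv=noerror,sync continues past unreadable
# sectors and zero-fills them so later blocks stay at their original offset.
clone_disk() {
    src="$1"; dst="$2"
    [ "$src" = "$dst" ] && { echo "refusing to clone $src onto itself" >&2; return 2; }
    dd if="$src" of="$dst" bs=65536 conv=noerror,sync 2>/dev/null
}

# Compare SHA-256 of the source with the first <source size> bytes of the
# target. conv=sync pads the final partial block, and a target disk is usually
# larger than the source, so the tail of the target is deliberately ignored.
verify_clone() {
    src="$1"; dst="$2"
    src_size=$(wc -c < "$src" | tr -d ' ')
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    dst_hash=$(head -c "$src_size" "$dst" | sha256sum | cut -d' ' -f1)
    echo "source $src_hash"
    echo "target $dst_hash"
    [ "$src_hash" = "$dst_hash" ]
}

# Self-contained run on a constructed 1,000,003-byte "disk" (deliberately not
# a multiple of the block size) in a temp dir; returns 0 when the clone verifies.
demo_clone() {
    work=$(mktemp -d) || return 1
    head -c 1000003 /dev/urandom > "$work/suspect.img"
    clone_disk "$work/suspect.img" "$work/clone.img" || { rm -rf "$work"; return 1; }
    verify_clone "$work/suspect.img" "$work/clone.img"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

Once the hashes match, all decryptor trials and file carving happen on the clone; the original stays untouched as evidence and as a fallback if a tool damages the copy.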
 
 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Fri Sep 14, 2018 10:12 am 

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 326
Location: San Jose San Francisco Bay Area
Duplication is done using Linux dd. Booted from both HDDs and they boot to exactly the same image. Now the real work begins!



 Post subject: Re: my O/S kernel project has been hacked with ransomware.
PostPosted: Sun Sep 16, 2018 2:26 pm 

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 326
Location: San Jose San Francisco Bay Area
Good and bad news. But the good one prevailed. Will start with the bad news:
I fired up the infected PC and went to nomoreransom.org, and they successfully identified one of the files as CryptoXXX. Two tools, from uTrend and Kaspersky, failed to work.
Good one: I decided to search for a backup of the Hyper-V files on my NAS drive and YES!! Within seconds it showed that I had saved all the Hyper-V VHDs in that folder. I only have to reconstruct the VM now. I am going to write to decrypthelp@qq.com to give 'em a wild goose chase. Perhaps negotiate down to 25c for decryption help, and if they don't agree, tell 'em to F-off!!


