Answer the question
In order to leave comments, you need to log in
.encrypted files on the server?
There is a site gostender.ru . The other day he stopped working and asks for money.
I thought it was a common virus, but no, I go in, and there all the files have become .encrypted with encrypted content.
Those. literally everything:
.htaccess.encrypted
.php.encrypted
The files are absolutely unreadable.
There are no backups, and yet we need to understand where they come from, we do not need re-infection.
Nobody faced it?
Answer the question
In order to leave comments, you need to log in
For Windows, a similar virus has existed for a long time, but in the fall of 2015, a ransomware virus appeared for Linux as well. It does exactly what you described and requires payment, after which a decryption key is sent to you. And usually they ask to pay with cryptocurrency - bitcoins. About two months ago it was 1 bitcoin, about 30 thousand rubles. My friend did not pay, updated the server system and checked the site files, so far everything is in order. In the English-language Internet, they wrote that the penetration of the virus is not related to the site files, but has a different nature of origin. Perhaps some software, so we can only advise you to be more careful about its installation and settings.
PS And the fact that there are no backups is not true :)
Linux.Encoder.1-3 is for sure. Faced. Holes in CMS and other things are used. Decode the logs - you can see exactly.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question