PHP
Denis Vasiliev, 2016-01-30 06:27:35

.encrypted files on the server?

There is a site, gostender.ru. The other day it stopped working and is asking for money.
I thought it was a common virus, but no: I go in, and all the files there have become .encrypted, with encrypted content.
I.e., literally everything:
.htaccess.encrypted
.php.encrypted
The files are absolutely unreadable.
There are no backups, and yet we need to understand where this came from; we do not want a re-infection.
Has nobody faced this?


2 answer(s)
Stanislav Tretyakov, 2016-01-30
@babulja

For Windows, a similar virus has existed for a long time, but in the fall of 2015 a ransomware virus appeared for Linux as well. It does exactly what you described and demands payment, after which a decryption key is sent to you. They usually ask to be paid in cryptocurrency: bitcoins. About two months ago it was 1 bitcoin, about 30 thousand rubles. My friend did not pay; he updated the server system and checked the site files, and so far everything is in order. On the English-language Internet, people wrote that the penetration of the virus is not related to the site files but has a different origin. Perhaps it is some software, so we can only advise you to be more careful about its installation and settings.
PS And the fact that there are no backups is not true :)

Vladimir Martyanov, 2016-01-30
@vilgeforce

It is Linux.Encoder.1-3 for sure. I have faced it. Holes in the CMS and other things are used. Decode the logs and you can see exactly.
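
One way to act on the advice to go through the logs, as an added example that is not part of the original thread: take the earliest modification time of the `.encrypted` files as the start of encryption, then list successful POST requests to PHP scripts in the period just before it. The function names, the 24-hour lookback, the Apache/nginx "combined" log format and all sample log lines are assumptions constructed for illustration.

```python
import os, re, tempfile
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def encryption_start(root):
    """Earliest mtime (UTC) of any *.encrypted file under root, else None."""
    times = [os.path.getmtime(os.path.join(d, f))
             for d, _, files in os.walk(root)
             for f in files if f.endswith(".encrypted")]
    return datetime.fromtimestamp(min(times), timezone.utc) if times else None

def candidate_requests(lines, start, lookback=timedelta(hours=24)):
    """Successful POSTs to .php scripts in the window before encryption began."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # drop the query string
        if (start - lookback <= ts <= start and m["method"] == "POST"
                and path.endswith(".php") and m["status"].startswith("2")):
            hits.append((ts.astimezone(timezone.utc), m["ip"], path))
    return sorted(hits)

# Constructed sample data: documentation-range IPs, made-up paths.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jan/2016:21:10:02 +0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [29/Jan/2016:23:41:17 +0300] "POST /uploads/cache.php?x=1 HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.23 - - [29/Jan/2016:23:58:40 +0300] "POST /admin/login.php HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [30/Jan/2016:02:15:00 +0300] "POST /contact.php HTTP/1.1" 200 800 "-" "-"',
    'garbage line that does not parse',
]

def demo():
    """Build a throwaway tree with two encrypted files and triage SAMPLE_LOG."""
    with tempfile.TemporaryDirectory() as root:
        for name, hhmm in ((".htaccess.encrypted", (21, 5)), ("index.php.encrypted", (21, 0))):
            p = os.path.join(root, name)
            open(p, "wb").close()
            t = datetime(2016, 1, 29, *hhmm, tzinfo=timezone.utc).timestamp()
            os.utime(p, (t, t))  # set a known mtime on the constructed file
        start = encryption_start(root)
        return start, candidate_requests(SAMPLE_LOG, start)

if __name__ == "__main__":
    print(demo())
```

Run `encryption_start` against the original disk or an image of it: copying files without preserving timestamps resets the modification times the window depends on.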
