Is Core Protected By Proprietary File Types?

In August we got whacked by ransomware (Lukitus). Yesterday completely by chance I was poking around on the core server and found some encrypted files. I searched the whole server and found many more. Nothing runs on this machine but the O/S (Server2012) and RR.

Looking at the repository it appears that some config files got encrypted but that RR just made new ones? The other, larger (proprietary) files like ids, map, etc. all seem untouched. Everything still runs fine and the recovery points from that date range have long since cycled out. The base images are from long before.

Do I hose this whole core and start over or just leave it alone? Making three new base images and a new chain for no compelling reason does not really appeal to me.

  • I have stopped the service and machine probably 10 times since August. I have also recovered dozens of files for machines all over the network since then with no sign of problem anywhere.

    We get whacked pretty often since we are attached to a HUGE network, most of it outside of my control. I am confident that it is not infected. Every time we get hit it's over in minutes at most. It's always been a different variant and we always find the source, so I'm sure it's not lingering.

    I appreciate the point and don't disagree but since the machine acts as the repository recreating it would be a huge PITA.
