On 2/22/2019 11:44 AM, mbsoftwaresoluti...@mbsoftwaresolutions.com wrote:
Got a call from a client today who was having some sort of error with
the program/website (WestWind WebConnection). I remoted in to see
that EVERY file had been renamed to something like
filename.ext.decrypt12...@qq.com. Told them their IT vendor would
have to restore from their last backup (which they said was just hours
prior, thankfully).
Ouch. Especially when you're website is used all over the nation and
Canada.
If they had been using MySQL/MariaDB/SQL-Server/PostgreSQL/etc instead
of a file-server database, this wouldn't have been possible, right?
Well, if you mean only .dbf, .cdx, .dbc files had been renamed, then
maybe Server DBs would have been safe. But if all kinds of files were
renamed, then no, I doubt they would have been safe. Remember, even
"server" database systems store their data in ... files.
It sounds like some very insidious code has infected their server. I'd
recommend a complete wipe before a restore (or at least verify boot
sectors or any other root/bootup software, etc).
-Charlie
___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/b3561258-370f-7c6b-7b4c-304488f7f...@gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.