Over the weekend, 641 of 882 folders in a SMB File Sharing folder were renamed to strings with the format "xxxxxx~x" where "x" is a numeral or uppercase letter.
These folders contain images and were named with our production job number for reference purposes, which now has been rendered useless.
If these filenames can be decoded, I'd appreciate the method to do so.
If this issue has a remedy that will prevent it from ever happening again, I would appreciate that solution as well.
Sounds like the unit may have been hit with malware or ransomware?
Quote from: davo on June 28, 2022, 08:46:10 AM
Sounds like the unit may have been hit with malware or ransomware?
Sure sounds like ransomware. Why people continue to insist on using the Server Message Block protocol is beyond me. It's subject to numerous exploits.
Browser ID: smf
(is_webkit)
Templates: 1:
Printpage (default).
Sub templates: 4:
init,
print_above,
main,
print_below.
Language files: 1:
index+Modifications.english (default).
Style sheets: 0:
.
Hooks called: 59 (
showintegrate_autoload, integrate_pre_load, integrate_load_session, integrate_verify_user, integrate_pre_load_theme, integrate_user_info, integrate_load_board, integrate_board_info, integrate_allowed_to_general, integrate_allowed_to_general, integrate_boards_allowed_to, integrate_mod_cache, integrate_pre_load_theme, integrate_allowed_to_general, integrate_simple_actions, integrate_allowed_to_general, integrate_load_theme, integrate_pre_log_stats, integrate_actions, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_codes, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_pre_parsebbc, integrate_smileys, integrate_smileys, integrate_post_parsebbc, integrate_pre_parsebbc, integrate_smileys, integrate_smileys, integrate_post_parsebbc, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_menu_buttons, integrate_current_action, integrate_theme_context, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general)
Files included: 27 - 1055KB. (
show./index.php, ./Settings.php, (Cache)/db_last_error.php, (Sources)/QueryString.php, (Sources)/Subs.php, (Sources)/Subs-Auth.php, (Sources)/Errors.php, (Sources)/Load.php, (Sources)/Security.php, (Sources)/Subs-Compat.php, (Sources)/Subs-Db-mysql.php, (Sources)/Cache/CacheApi.php, (Sources)/Cache/CacheApiInterface.php, (Sources)/StopForumSpam.php, (Sources)/Subs-Charset.php, (Sources)/Unicode/Metadata.php, (Sources)/Unicode/QuickCheck.php, (Sources)/Session.php, (Sources)/Logging.php, (Sources)/Class-BrowserDetect.php, (Sources)/Unicode/RegularExpressions.php, (Sources)/Unicode/CaseUpper.php, (Sources)/Unicode/CaseTitle.php, (Current Theme)/languages/index.english.php, (Current Theme)/languages/Modifications.english.php, (Sources)/Printpage.php, (Current Theme)/Printpage.template.php)
Memory used: 719KB.
Tokens:
post-login.
Queries used: 14.
[Show Queries]