The problem with this ransomware case is that it attacked the backups as well.
I basically work on a NAS that you use to write your backups to (oversimplification here, but it’s good enough for the sake of discussion). Somehow the ransomware found the NAS shares containing the backups and nuked them as well.
On the bright side, because of the nature of how our product works, while the backup files themselves are gone (i.e. they don’t show up in a directory listing), the backup data itself appears to be mostly intact. The trick is to find a way to create new directory listings and connect them to the intact data.
I agree with that assessment. Although, I guess there is still a window where the ransomware attacks the mounted backup drive while you’re doing your backups.
So apparently the ransomware in question was Ryuk, which is particularly nasty as it’s explicitly designed to not just encrypt your data, but to go after your backups and backup apps too.
So apparently the malware in question was the Ryuk ransomware. Fortunately, due to a quirk in how our product works combined with good timing on the part of customers and support, it appears as if we were able to salvage most of the customer’s data so far.
Before I went to bed I heard a thump thump thump noise that was extremely regular, like a clock. I figured maybe my neighbor bought something like a clock with a pendulum and I would ask them about it if it didn’t go away.
Noise was still there when I woke up. Still regular like a metronome. Difference is I noticed a very wet area of the ceiling. Called all the people. Good thing I rent and also have renter’s insurance.
Also very weird that this is above my bedroom on the third floor. The roof is many floors above me, how could water come from there? All the kitchen sinks and bathroom plumbing are at the front of the apartment. The sprinkler system runs through the center, to the left of this leak. There is no reason for any plumbing of any kind to be above that spot in my ceiling.