Subj : Ubuntu, Crypto Malware
To   : MRO
From : Android8675
Date : Wed Nov 30 2022 08:43 am

  Re: Ubuntu, Crypto Malware
  By: MRO to Android8675 on Tue Nov 15 2022 04:33 pm

 > if you have it backed up, and your backups are clean, just 'nuke it from
 > orbit'.
 >
 > why do you want to waste time going on a search for it?
 > if your files are encrypted you aren't getting them back and you might lose
 > more anyways.

Files were fine, it wasn't a malicious app (thankfully), it was just a crypto app was being run from a cloud drive on my system. I blocked off the RADIUS port (1812) and the app stopped coming up. I'll have to figure out how/why it was happening. RADIUS has something to do with authentication. Maybe if I just switch to key auth only it'll block whatever backdoor I've obivously left open.

At any rate, I closed all but the ports I need and it seems OK now.

Glad I didn't have to nuke anything, and thankfully I got a fairly nice backup setup.

---