Interesting. Seems like everything hinges on entering a root/sudo password before the final FS-traversal+encryption begins. The screen grab shows an X password prompt. Wonder if there is a CLI version as well.
These things are the reason we spend time making and testing backups.
In the same vein, I listened to this on the weekend.
Decrypting ransomware for good
https://thecyberwi...rs-2019-10-12.html
Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware.
The interviewee, Michael Gillespie (aka Demonslayer333), has a YouTube channel where he runs through reverse engineering some of these things.
https://www.youtub.../user/Demonslay335