I just found out that my Debian laptop is somehow infected with the WannaCry virus.
I will try to describe my setup:
My laptop has two partitions - one for Windows - one for Linux.
Recently (last 6 months) I did a fresh install of Debian Stable + XFCE on this laptop (on the Linux partition only).
For some reason, GRUB was not recognizing the Windows 10 Home partition, but I didn't really care. I was able to "browse" the files that I wanted from the Windows 10 partition (videos/pictures/PDFs) by mounting this Windows 10 partition in Debian.
As a result this laptop was booting directly to Debian (and this was fine for me).
I did install Samba Client and Server on my Debian.
I "shared" my Windows 10 Data from Windows 10 partition from this laptop to the LAN using SMB.
I had also attached an external HDD to my Debian, and I also "shared" this external HDD to my LAN using SMB.
To be able to access those shared drives/folders outside of my LAN I had the fantastic idea to open port 445 in my home router using port forwarding of 445 to the IP of my LAN laptop - Debian partition.
Also I installed ZeroTier on my Debian.
PS: Just to mention at this point that while I was at work, and while my work laptop was connected to the same ZeroTier network as my home laptop, it was possible to browse the shared folders (and open files) from my Windows 10 partition or from my external HDD using my work laptop without any problem.
There is not any kind of Anti-Virus/Anti-Malware installed on my Debian.
On my home LAN there are also some Windows laptops, but those laptops do not seem to be affected by WannaCry.
On my Debian laptop, documents, PDFs, pictures, videos, and files from GitHub repos have all been renamed to the .want_to_cry extension. The WannaCry extension has also been applied to all the files on my laptop's Windows 10 partition and also to all the files on my external HDD.
So the question is:
- Is there a way to recover my files? Especially Windows 10 partition files (documents, pictures, videos) and also the files of my external HDD?
- How to scan my Debian for ransomware/malware?
I did find a lot of "guides" on the internet about WannaCry virus removal and file restoration, but all of those guides are talking about WannaCry removal on Windows. No instructions have been found for Debian.
I know that the whole setup is kind of confusing, but if somebody has an idea to drop, it will be highly appreciated.
Here is a file listing showing files with the .want_to_cry extension:
This is a simple cat (cat manon.sh.want_to_cry | less) on one of my shell scripts:
Fortunately, this script manon.sh is saved in my GitHub repo, and the real contents of this file look like this:




