wonderwond 2 Posted February 24, 2024

This is the second time the .0xxx ransomware has attacked me in a year. It ate all my pictures and movies. It's only related to the Emby server. This morning, three plugins installed out of the blue then bam was infected. Not sure if that had anything to do with it or not, but can anyone help me save my pictures and movies? I've already repaired my music.

!0XXX_DECRYPTION_README.TXT

Anyone else having the same issues? Or how to prevent it?

Happy2Play 9782 Posted February 24, 2024

8 minutes ago, wonderwond said: this morning, three plugins installed out of the blue then bam was infected

Devs will want to see the server logs for this.

Happy2Play 9782 Posted February 24, 2024

Depends on your platform.

Emby Server Data Folder | Emby Documentation

But I do not know if the ransom issue affects these files.

Edited February 24, 2024 by Happy2Play

wonderwond 2 Posted February 25, 2024 Author

6 hours ago, Luke said: Also, what three plugins?

Addic7ed 1.1.1.0
XmlTV 1.1.6.0
SubDb 1.0.7

Luke 42080 Posted February 25, 2024

12 minutes ago, wonderwond said: Addic7ed 1.1.1.0 XmlTV 1.1.6.0 SubDb 1.0.7

OK as requested before, we'd have to see the server log. The xmltv plugin is included with the server, so anytime we publish updates for it, you'll get that update. So this was not a new plugin installation, it was an update of an existing one.

wonderwond 2 Posted February 25, 2024 Author

6 minutes ago, Luke said: OK as requested before, we'd have to see the server log. The xmltv plugin is included with the server, so anytime we publish updates for it, you'll get that update. So this was not a new plugin installation, it was an update of an existing one.

logs.zip

7 hours ago, Luke said: Also, what three plugins?

Addic7ed 1.1.1.0
XmlTV 1.1.6.0
SubDb 1.0.7

logs.zip

Luke 42080 Posted February 25, 2024

8 minutes ago, wonderwond said: logs.zip Addic7ed 1.1.1.0 XmlTV 1.1.6.0 SubDb 1.0.7 logs.zip

This is a whole folder full of log files, so obviously a lot of information to sift through. So first some questions:

What makes you think this is Emby Server related?
Do you think an unknown actor accessed your server? If so, do you have any idea when?
Have you noticed any unrecognized IP addresses in the server activity viewer? If so, what, when, etc.?
Do all of your users have passwords?

Luke 42080 Posted February 25, 2024

15 minutes ago, wonderwond said: logs.zip Addic7ed 1.1.1.0 XmlTV 1.1.6.0 SubDb 1.0.7 logs.zip

And by the way, these are not newly installed plugins. They are present in every single log that you provided. I do see where you uninstalled Addic7ed, but they were not just installed during the time of these logs.

softworkz 5071 Posted February 25, 2024

@wonderwond This malware is very unlikely connected to Emby in any way.

You can:

Submit your data here: https://id-ransomware.malwarehunterteam.com/ to see whether there's a known decryption tool available

Further reading: https://www.bleepingcomputer.com/forums/t/753400/0xxx-nas-ransomware-0xxx-support-topic/

wonderwond 2 Posted February 28, 2024 Author

On 2/25/2024 at 5:08 PM, softworkz said: @wonderwond This malware is very unlikely connected to Emby in any way. You can: Submit your data here: https://id-ransomware.malwarehunterteam.com/ to see whether there's a known decryption tool available. Further reading: https://www.bleepingcomputer.com/forums/t/753400/0xxx-nas-ransomware-0xxx-support-topic/

Maybe not, but all I do know is that it only affected folders on Emby. No other folder or drive was infected by it, just Emby media folders that were used.

softworkz 5071 Posted February 28, 2024

14 minutes ago, wonderwond said: Maybe not, but all I do know is that it only affected folders on Emby. No other folder or drive was infected by it, just Emby media folders that were used.

Emby does not set the permissions on your media folders; that's something that you do.