I've got 0xxx ransomware

• Tanyo Ivanov
• Jun 25, 2023

Hello,
It was a sunny sunday in Bulgaria and everything was going great! I was just preparing to go for a ride with my bycicle and wanted just to update my server. When i ran the custom command for update I saw a message that I need to commit some changes in the git repository before executing a git pull command. I checked the status of the repo and what to see...there were strange files with extension 0xxx. Then i opened the websites and saw that they are switched off and everything on my server is encrypted in files with the same extension 0xxx. After a short try to recover the things I searched about the extension and saw in the web that this is a specific 0xxx ransomware which encrypts all the files on the server and makes it unusable. Terrible! Even my backups were encrypted and all the volumes of the docker containers...everything. I had a raid drive and btrfs snapshots, but they were encrypted too. Really Terrible! For now I am looking of a solution to the problem and mainly running some antivirus scans with tools as CalmAV etc. Will keep you posted.