hacked by the (alleged) `amazon-security' scammers

Joel Rees joel.rees at gmail.com
Sat Nov 13 01:06:02 UTC 2021


On Mon, Nov 8, 2021 at 0:24, hput via ubuntu-users <ubuntu-users at lists.ubuntu.com> wrote:

> ubuntu-21.04
> LXDE desktop
>
> I fell for the scammers' baloney for long enough that they had the
> opportunity to do whatever they wanted to my Windows 10 OS.
>

So what exactly did they do? (Don't answer, just read through the list.)

Send you an e-mail that said, "Hah hah we pwns ur machine! Send us $"?

Drop files named similarly on your desktop?

Insert such a notification in your message queue?

Actually succeed in destroying user documents?

Actually succeed in locking/encrypting user documents or stealing credit
card numbers or such?

Leave threatening messages on your admin user's desktop?

Leave such blackmail in your OS file system?

Insert drivers or other bits of junk that block access to the machine
except to display the blackmail message?

Modify your BIOS?

The first should be ignored, of course.

The second through fifth, you need to dig around to see how much damage was
done. If your work login is non-admin, you may well be safe in just
removing write and execute permissions for all on all of that user's
directories and subdirectories.

The rest also have varying degrees of response, ...

> I have that machine unplugged from internet and shutdown currently.
>
> I want to scrub the disks and reinstall back on those same disks.
>

... but scorched-earth is only going to be useful if you are able to
restore the BIOS to a known-good BIOS, and maybe not even then.

But if you can restore the BIOS, you really don't need to erase the whole
disk, and, in fact, you shouldn't.

Just write- and execute-lock the disk and only attach through a USB
adapter. Buy a new disk for your system re-install.

If the intruders have written into your OS or BIOS, they may well have
written into the disk controller itself.


> Thinking about what and how to do it.
>
> Maybe use the linux based SystemRescueCD. Although I'm not sure how a
> real scrub is done or if that rescue tool has the necessary tools to
> do it.
>

Scrubbing is time consuming and is not guaranteed to work on modern media.

I once wrote a random number generator as a source, attached but did not
mount a drive that had sensitive data, and wrote the output of the random
number program to the raw drive. Waste of time. (Took a long time, good
thing I didn't need to use the system while it ground away at that.)

dd from /dev/zero or equivalent will do good enough unless you have
military secrets or such, and it takes a while to complete, too. And if
there are military secrets on the drive, physical destruction is best.

> Anyone here that can coach me a little about how to go about getting
> the disks securely wiped.
>
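
The zero-fill suggested above, as an added example that is not part of the original message: it overwrites a target with zeros and then counts any bytes that still read back non-zero. The function names and the constructed 70001-byte image file are assumptions for illustration; a real run would name the old disk's device node instead.

```shell
#!/bin/sh
# Added example (not from the original message). Works on a disk image file
# or, as root on Linux, on a whole block device chosen by the reader.

# Size of the target in bytes.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"      # util-linux; block devices only
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Overwrite exactly the target's length with zeros, then flush to the medium.
zero_fill() {
    size=$(target_size "$1") || return 1
    # conv=notrunc: overwrite in place instead of truncating an image file.
    head -c "$size" /dev/zero | dd of="$1" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
}

# Count bytes that still read back non-zero; 0 means the overwrite took.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Demo on a constructed 70001-byte image standing in for the old disk.
demo() {
    img=$(mktemp) || return 1
    yes 'card number 0000' | head -c 70001 > "$img"
    before=$(nonzero_bytes "$img")
    zero_fill "$img" || { rm -f "$img"; return 1; }
    after=$(nonzero_bytes "$img")
    echo "size=$(target_size "$img") nonzero before=$before after=$after"
    rm -f "$img"
}
demo
```

A zero count covers only the sectors the drive exposes for reading, which is the limit the message points to for modern media.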