Disaster Recovery - Ransomware attack

Dear @ID10T,

Almost all replies to my post are OT, and I’m not able to understand why. Ransomware is off topic.
For sure it is my fault, and even if many things related to this attack look strange, this is not the topic.

I’m trying to find a procedure for Virtualmin’s disaster recovery and I don’t know, I don’t understand why almost everyone talks about the ransomware but does not give any solution…

It’s in the title of the thread, that’s why.

@xerse That was my point. The easiest thing to do is:

1. Take it off the network (if it can’t phone home it probably won’t lock because it needs to verify the extortion before it does so).
2. Use a recovery CD to mount the system and boot it without the old boot loader. I used the Debian WIKI information because my system was Debian.
3. Use Virtualmin to back up what you need, too.
4. Make sure the new system is patched.
5. Restore data.

This is all 1st hour stuff and you are now 10 days in? I understand this can be frustrating. You are in hungry monkey stage.

Literally psychology 101 stuff. Researchers trained a monkey to open a lock and get a banana. They stopped feeding the monkey. He resorted to trying to break the lock. Beat it, pry at it, whatever. Anything but try to open the lock the way he had been trained. So they fed the monkey and he went back to properly opening the lock to get the banana. So, the monkey hadn’t forgotten HOW. He was desperate and just tried to bypass the procedure.

I’m not being insulting. There are times I remind myself I’m being Mr. Monkey and need to calm down and follow the procedure. Booting past grub does take a little patience but it is ultimately the path of least resistance.

Never think that any of us don’t want to see you succeed.

What happens if this is in a data center? You would just reprovision the instance, surely?

Poster is already using a live CD and mounting the file system. Only has to boot past the old boot loader at this point.

Postfix stores mails in files. They are not stored in any database (RoundCube does need a database to work, but mail is stored in files by Postfix).
So copying the folder will copy all the mails you have.
You have to replace domainname with the real domain name.
Be sure the files are copied with date & time, otherwise all mail will appear with today’s date.

Hi @ID10T,

Well… anyone can fall into the Mr Monkey syndrome. But it’s not yet my time. Simply, recovery operations on multiple servers take time. And the Virtualmin server comes after more important servers.
I’m tired and stressed, as I suppose anyone may understand.

Your steps have one point that is not clear to me. Probably because I have never done it and my knowledge is poor:
you wrote: 2. Use a recovery CD to mount the system and boot it without the old boot loader. I used the Debian WIKI information because my system was Debian.

I can use a LiveCD to boot the server and read data, but your description sounds like I can use the LiveCD to boot the original OS using the GRUB belonging to the LiveCD ISO, bypassing the GRUB on the disk.

Correct? If yes, how?

Thanks a lot @jorgecardenas1,
It’s helpful. Then I could restore the old backup I have on a new server and simply paste all emails from the old server’s disk (retaining date & time)?

Will Virtualmin show all emails without me having to import other things?

Yes, it is correct. Restore your virtual server and copy each Maildir folder for each domain (make sure the copy keeps date & time, since sometimes it gives you today’s date and all your mails will have the same date, which is a mess).
Nothing else is needed in Virtualmin, unless a new user was created after the backup.
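The copy described in the two posts above (Postfix mail lives in files, copy each domain's Maildir, keep date & time), as an added example that is not code from the thread or from Virtualmin: a POSIX sh script that copies every /home/<domain>/Maildir from the old disk with `cp -a` (recursive plus the `-p` that preserves timestamps) and then verifies that no file's mtime changed, so the "all mail dated today" problem is caught before the mailboxes go live. It assumes GNU coreutils (`stat -c %Y`) and the /home/<domain>/Maildir layout; both are assumptions, and the paths in the comments are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or Virtualmin. Copies Maildir folders from
# an old disk mounted under a live CD (e.g. OLD_ROOT=/mnt/olddisk, a placeholder)
# into the new system (NEW_ROOT=/) and verifies timestamps were preserved.
# Assumes GNU coreutils (stat -c) and the /home/<domain>/Maildir layout.

# Copy one Maildir. cp -a = -R plus -p: keeps mode, owner and timestamps,
# so every message keeps its original date instead of the copy date.
copy_maildir() {
    src="$1"; dst="$2"
    mkdir -p "$dst" || return 1
    cp -a "$src/." "$dst/"
}

# Copy every OLD_ROOT/home/<domain>/Maildir to the same path under NEW_ROOT.
copy_all_maildirs() {
    old_root="$1"; new_root="$2"
    for md in "$old_root"/home/*/Maildir; do
        [ -d "$md" ] || continue
        rel="${md#$old_root}"            # e.g. /home/example.test/Maildir
        copy_maildir "$md" "$new_root$rel" || return 1
    done
}

# Return 0 only if every regular file under SRC exists under DST with the same
# mtime. Prints the first mismatch; a plain "cp -r" (no -p) fails this check.
verify_mtimes() {
    src="$1"; dst="$2"
    find "$src" -type f | while IFS= read -r f; do
        rel="${f#$src/}"
        [ -f "$dst/$rel" ] || { echo "missing: $rel"; exit 1; }
        [ "$(stat -c %Y "$f")" = "$(stat -c %Y "$dst/$rel")" ] \
            || { echo "mtime changed: $rel"; exit 1; }
    done
}
```

Run `copy_all_maildirs /mnt/olddisk /` and then `verify_mtimes /mnt/olddisk/home/<domain>/Maildir /home/<domain>/Maildir` for each domain before pointing Dovecot or RoundCube at the restored mailboxes.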

Users should all be included in the last backup.
I have to search how to transfer files without altering the date/time, but thank you very much.

Yes. I used the live CD to boot into my distro. From there I ran the grub commands to restore the boot loader.

I used the Debian WIKI but lots of info out there. First hit.

Hello guys, unfortunately the boot-repair tool failed.
I’m searching for some more ideas.


I’ve moved this over to the “Jobs” category as it goes a bit beyond the scope of basic “Newbie” Virtualmin topic. People who monitor the “Jobs” category whether it’s a PAID job or FREE advice would be more suited to address this type of situation.

Thanks @tpnsolutions,
I’m writing the last message here just to leave an update that may help others.

The boot-repair tool as well as grub reinstallation fail. Same for grub2-install, it shows: error while loading shared libraries “libdevmapper.so.1.02”
Probably some things were damaged or something else. I don’t know, but this is OT.

I created a new installation and moved/updated all disk contents from the old disk to the new one (retaining timestamps … cp -p). In this way the boot works, but many parts of Virtualmin do not start, so I can access the shell but not the GUI.

Now I’m doing a backup and I’ll do some more tests, but at this point it seems I have to create a new post on “how to repair a Virtualmin installation”.

Thanks everyone for the suggestions.

