JungleSec Ransomware

ozgurerdogan

We recently got JungleSec ransomware on some of our PVE servers. Thank God, no damage. There was no actual damage; only some Linux KVMs' boot records were broken. So we quickly restored the ZFS backup and all is fine.

But what saved us, I think, is the ZFS file system. I read some articles that confirm my idea. Do you know if ZFS is better against ransomware? Is there a way to check whether the file system is safe or not on PVE against ransomware? We are planning to reinstall PVE, but maybe it is not needed?
Also, is IP restriction to one IP for GUI, SSH, IPMI access good enough security?
 
The real thing that saved you is having backups that are not too old. ZFS is unable to check whether data is rewritten by an unauthorized user.
Theoretically, your server isn't publicly displayed, so there is no real need to lock the public IP.
But you need to allow only by MAC address, and disable password authentication for SSH. Use only cert authentication.
Finally, if the ransomware has been on your host, clearly, reinstall it without any kind of mercy.
 
I saw ENCRYPTED.md on /, but the server was not rebooted. He probably got in through IPMI.
I searched for a way to block by MAC address, but I guess the built-in firewall does not do that yet.

Allowing by MAC address is not accessible over the GUI. But you can configure nftables in the CLI for this kind of use.
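
An added example, not part of the thread and not Proxmox's own configuration: a minimal nftables ruleset of the kind the last reply refers to, which accepts SSH (22) and the PVE web GUI (8006) only when both the source IP and the source MAC match one admin workstation. The addresses, the MAC, the table name and the cluster peer list are constructed placeholders, and the peer rule assumes other cluster nodes must still reach these ports.

```nftables
#!/usr/sbin/nft -f
# Added example: restrict PVE management ports to one admin workstation.
# All addresses below are constructed placeholders; replace before loading.

define ADMIN_IP      = 192.0.2.10          # placeholder admin workstation IP
define ADMIN_MAC     = 02:00:00:00:00:01   # placeholder admin workstation MAC
define CLUSTER_NODES = { 192.0.2.21, 192.0.2.22 }  # placeholder peer nodes
define MGMT_PORTS    = { 22, 8006 }        # SSH and the PVE web GUI

# Create-then-delete makes reloading this file idempotent.
table inet mgmt_guard
delete table inet mgmt_guard

table inet mgmt_guard {
    chain input {
        # Policy stays "accept": only the management ports are filtered here,
        # so VM, storage and cluster traffic on other ports is left alone.
        type filter hook input priority 0; policy accept;

        # Replies belonging to sessions that were already accepted.
        ct state established,related accept
        iif "lo" accept

        # Admin workstation: source IP and source MAC must both match.
        ip saddr $ADMIN_IP ether saddr $ADMIN_MAC tcp dport $MGMT_PORTS accept

        # Assumption: peer nodes need SSH and API access to this node.
        ip saddr $CLUSTER_NODES tcp dport $MGMT_PORTS accept

        # Everything else aimed at the management ports (IPv4 and IPv6):
        # log at a limited rate for later review, then drop.
        tcp dport $MGMT_PORTS limit rate 10/minute log prefix "mgmt-guard drop: "
        tcp dport $MGMT_PORTS drop
    }
}
```

A source MAC match only means something when the admin workstation is on the same layer-2 segment as the server, since routed traffic arrives with the router's MAC. A dedicated IPMI/BMC interface is not covered by rules loaded on the host.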
 
