Droppie<p>Well OMZ have i ever been in a bit of a digital flap here, for the past few hours 😳<span><br><br>Was happily pooterising away on Lappy, in the Sunroom, as is my wont in winter coz the Study wherein lives </span><i>main</i> pooter Tower tends to be a bit chilly in the morns. All was going tikkettyboo when all of a sudden... <i>it wasn't</i>. 😮<span><br><br></span><a href="https://blahaj.zone/tags/ReallyWeirdShit" rel="nofollow noopener noreferrer" target="_blank">#ReallyWeirdShit</a> began happening. Apps stopped working, stopped even launching. In <a href="https://blahaj.zone/tags/LMDE" rel="nofollow noopener noreferrer" target="_blank">#LMDE</a>'s file manager, my directories & files began disappearing. Soon, eventually, everything in my <code>Home</code> directory was <i>gorn</i>, replaced merely with two directories for <a href="https://blahaj.zone/tags/eCryptfs" rel="nofollow noopener noreferrer" target="_blank">#eCryptfs</a>, being <code>.ecryptfs</code> & <code>.Private</code><span>. <br><br>I badly struggled to even conceive what might have just happened, having never experienced anything like this before. My misanthropic </span><i>glass half empty</i> self soon suspected that somehow, inexplicably, Lappy had just copped a malicious attack from someone who disables victims' pooters by covertly running some malware that encrypts all the user's data files. 😱<span><br><br>But... how? How the fsck? This ain't windoze, it's Linux? What even was the vector? By definition there's been no local attack, as only my two teddybears & me are here. How though could it have been a remote attack? I do not go about downloading random files from dodgy sites. My browsers are very hardened, explicitly to make difficult or impossible any drive-by attacks from compromised sites. 
<br><br>Completely flummoxed, i accepted that there was nothing more i could do to try to salvage Lappy, aside from a reinstallation beginning with wiping the SSD, & hoping like hell the UEFI firmware hasn't been infected. Feeling sick in the tummy with worry about exactly what happened & how, wrt what could i do differently to guard against repeat attacks, i resigned myself to this course of action. First though, i decided to fully shut down then cold boot, in order to at least have the intellectual satisfaction of getting to see the anticipated hijack / ransomware screen.<br><br>Shutdown. Booted. Unlocked the SSD password. Still all normal. Unlocked the LMDE encryption. Still all normal. Logged into the Cinnamon desktop... hey wait a tick, that should not have been possible, if all my </span><code>Home</code><span> is locked away! Desktop looks & behaves like normal. Apps launch & run fine. File manager shows all my data is there, fine & dandy.<br><br>Wtaf? </span>😮🤯🤷<span><br><br></span><b>TLDR</b><span><br>I do not now believe there was any attack. I belatedly remembered that unlike my Tower's </span><a href="https://blahaj.zone/tags/ArchLinux" rel="nofollow noopener noreferrer" target="_blank">#ArchLinux</a> which uses <a href="https://blahaj.zone/tags/LUKS" rel="nofollow noopener noreferrer" target="_blank">#LUKS</a> <a href="https://blahaj.zone/tags/encryption" rel="nofollow noopener noreferrer" target="_blank">#encryption</a>, LMDE uses... <i>eCryptfs</i>. Uh. I suspect that something caused LMDE to experience a serious integrity problem as i pooterised away on it this morn, such that somehow it re-encrypted itself in operation... which should never occur, & is clearly a serious problem. Happily the reboot resolved it, & most happily i can stop worrying about having been hacked. Neither of those however ameliorates the fact that a few high-stress hours have been lost to this shitfuckery. 🥺</p>