Hi,
For the second time in 3 weeks I got confronted with a complete encryption of my nextcloud server by a ransomware named MARS.
I was using the latest stable nextcloud version, a strong, not guessable password and 2-factor auth and ransomware protection was on.
My NAS where the install was on, was only exposed by one port for nextcloud.
All the other directories of the NAS, outside nextcloud are unaffected, it’s only the nextcloud folder that has the ransomware.
None of the ransomwared files got back to my computer and I only used it to synch a few shares, but I thought it was smart to put it here, in case someone else has the same problem it seems nextcloud is targeted.
I scanned the computer for several times (macos) and there doesnt seem to be any file infected, so it looks like this is just happening within nextcloud.
This wasn’t a real problem, so for the second time I just deleted the whole thing, I have back-ups.
A VPN looks like the smart thing to do, but unfortunaltely I’d like to use nextcloud to share with a computer I can’t use a VPN on (company policy)