Well OMZ have i ever been in a bit of a digital flap here, for the past few hours 😳
Was happily pooterising away on Lappy, in the Sunroom, as is my wont in winter coz the Study wherein lives main pooter Tower tends to be a bit chilly in the morns. All was going tikkettyboo when all of a sudden... it wasn't. 😮
#ReallyWeirdShit began happening. Apps stopped working, stopped even launching. In #LMDE's file manager, my directories & files began disappearing. Soon, eventually, everything in my Home directory was gorn, replaced merely with two directories for #eCryptfs, being .ecryptfs & .Private.
I badly struggled to even conceive what might have just happened, having never experienced anything like this before. My misanthropic glass half empty self soon suspected that somehow, inexplicably, Lappy had just copped a malicious attack from someone who disables victims' pooters by covertly running some malware that encrypts all the user's data files. 😱
But... how? How the fsck? This ain't windoze, it's Linux? What even was the vector? By definition there's been no local attack, as only my two teddybears & me are here. How though could it have been a remote attack? I do not go about downloading random files from dodgy sites. My browsers are very hardened, explicitly to make difficult or impossible any drive-by attacks from compromised sites.
Completely flummoxed, i accepted that there was nothing more i could do to try to salvage Lappy, aside from a reinstallation beginning with wiping the SSD, & hoping like hell the UEFI firmware hasn't been infected. Feeling sick in the tummy with worry about exactly what happened & how, wrt what could i do differently to guard against repeat attacks, i resigned myself to this course of action. First though, i decided to fully shutdown then cold boot, in order to at least have the intellectual satisfaction of getting to see the anticipated hijack / ransomware screen.
Shutdown. Booted. Unlocked the SSD password. Still all normal. Unlocked the LMDE encryption. Still all normal. Logged into the Cinnamon desktop... hey wait a tick, that should not have been possible, if all my Home is locked away! Desktop looks & behaves like normal. Apps launch & run fine. File manager shows all my data is there, fine & dandy.
Wtaf? 😮🤯🤷
TLDR
I do not now believe there was any attack. I belatedly remembered that unlike my Tower's #ArchLinux which uses #LUKS #encryption, LMDE uses... eCryptfs. Uh. I suspect that something caused LMDE to experience a serious integrity problem as i pooterised away on it this morn, such that somehow it re-encrypted itself in operation... which should never occur, & is clearly a serious problem. Happily the reboot resolved it, & most happily i can stop worrying about having been hacked. Neither of those however ameliorate the fact that a few high-stress hours have been lost to this shitfuckery. 🥺