Wasn’t sure where to put this. I have run a Plex server for around 7 years. It resides on a resilient little i3 running Windows 7. It has been a beast, handling 8-10 streams without a problem. 3 days ago I upgraded to the new Xfinity Xfi service, which boasts the ability for greater speeds (supposedly), eliminates the data caps and adds more security. On the first night the Xfi app alerted me that there were many threats detected attempting to access my Plex server. The app recommended I close up all ports and not leave my network vulnerable. Now, I know as a longtime Plex user I need to keep that main port open or no one can access the server remotely. So I googled it and saw on the forums that other Plex users had problems with the Xfi enhanced security and that they could not get through remotely with it running. The recommendation was to disable the enhanced security. I promptly did so and all went well for the next day. This morning I accessed the Plex server through my main PC to find an old photo (all my media is hosted on the Plex server) and my photos all had broken thumbnails and wouldn’t open. I immediately remote desktopped over to my Plex server and found that it had been taken over by ransomware, particularly Mr.Dec. Everything is now encrypted.
I was a computer guy years ago and I dealt with the first string of ransomware viruses back in the early 2010s. I know the likelihood of successful recovery is not good. But on the technical side - my Plex server is never used to run anything. It simply feeds the video and is never used to do anything other than the occasional login to maintain the server. One, I don’t know how this could have gotten on there, and two, I don’t know how it was activated. I’d like to know if anyone else has had their server attacked? Is this a somewhat common thing? Does anyone think it had something to do with the new Xfinity setup? I ran this exact server configuration for over 5 years with no issues and then 2 days after I switch and disable their enhanced security I get hit with the motherlode of viruses. Seems a little too coincidental. Anyone have any thoughts? Is this something I should be concerned about once I rebuild?
Thanks!