xReppa

I got this ransom ware to, i've no windows in my network, all my machine and NAS are under Linux. My infected machine is an OpenMediaVault (an old revision), no rdp, no ssh, no external access. But one day i got all my file infected, and the reason was that i've opened the samba share for my sister, sister who live 500km from me and using windows, so i've redirect samba port from my internet box to my nas, after she has finished all copy, i completely forgot to remove the port redirection in my Box, and 2 months later i was infected, an not by my sister computer, she stop using it 1 month ago. So if it can help people, be sure to be up to date, remove samba (1.0) by default, unless you're sure that the 3rd version of the protocol is used, and use only sFTP to transfert data between computer. Reppa