Thank you to Steve Pitcher for his presentation. I went and checked what he mentioned on the partitions I am responsible for.
There were two questions that Steve said he would look into and provide an answer to. These were:
- Operating system objects damaged by the destruction of the /QDLS file system:
  - 5770-SS1 option 3: extended base support in *ERROR status
  - 5770-SS1 option 9: *PRV CL Compiler Support in *ERROR status
  - Doing some manual checking on legacy QDLS things that broke… SNDSMTPEMM doesn’t work anymore
- File extensions in QDLS cannot exceed three characters, as indicated. So if the ransomware attempts to change a file to a longer extension, that will fail. This extension-length limit does not prevent the destruction of data if malware is launched with that intent.