I downloaded duplicati to bakcup and it encrypted my information

Install duplicati and configure a backup job.

I left the task running and the next day my folder was encrypted, infected by the Medusalock ransomware .deadfiles

The security of duplicati is compromised.


Where did you download Duplicati from? The files on Github and the official site are clean and not infected. If you got the installer from these official download links, then your ransomware infection was coincidental.

I downloaded the installer directly from your site.


It must have been coincidental then. Were you able to recover your data?

Welcome to the forum @Orlando_Nolasco

VirusTotal at https://www.virustotal.com/gui/home/url, fed the URL you cited got “Clean” from 36 engines.
To guard against old data, I downloaded it, and uploaded, and got a newer “Undetected” from 30 engines.

Can’t find that one. Maybe you mean MedusaLocker which got quite a few mentions on web search, e.g.

10 Ransomware Strains Being Used in Advanced Attacks which also says that sometimes there’s huge delay before the attack is launched. Other times, it’s immediate, but I don’t see how Duplicati is involved.

What does this mean? There seems to be a variant that uses a .deadfiles extention, not .encrypted.
You will probably want to try to figure out what hit you, while you’re looking for a way out (if that exists…).

Duplicati team can help you with the restore, if you managed to backup. You can inspect your backup in Restoring files if your Duplicati installation is lost on another system. Is it there? Do file names look OK?