John Schmerold john@katy.com KatyComputerSystems
2015-Apr-01 18:04 UTC
[Samba] CryptoLocker
For a CryptoLocker infection to be successful, a few things must be occur including: 1) No backup 2) Many files need to be encrypted Has anyone developed a Samba plugin to prevent successful CryptoLocker infections by shutting down Samba when an unusual number of data files are modified by a specific workstation? This type of utility would have many security applications, for example employees have been known to fill a 64GB jumpdrive just prior to turning in their resignation. -- John Schmerold Katy Computer Systems, Inc https://katy.com St Louis
On Wed, Apr 01, 2015 at 01:04:42PM -0500, John Schmerold john at katy.com KatyComputerSystems wrote:> For a CryptoLocker infection to be successful, a few things must be > occur including: > 1) No backup > > 2) Many files need to be encrypted > > Has anyone developed a Samba plugin to prevent successful > CryptoLocker infections by shutting down Samba when an unusual > number of data files are modified by a specific workstation?Not to my knowledge, but the Samba VFS API is easy enough to code to that there are probably lots of site-specific VFS modules that people use.