Am 16.05.2016 um 01:05 schrieb jacek burghardt:> Iscsi cant be encrypted.what has this to do with samba and who has iSCSI (SAN) on the normal network instead a seperated storage network or in case of a small VMware cluster with 2 hosts even not just 2 network cables from each to the SAN-storage with no switch at all?> On Sun, May 15, 2016 at 3:30 PM, peter lawrie < > peter.lawrie at glendiscovery.co.uk> wrote: > >> I had to deal with ransomware at the end of April. One of the PCs on my >> customer's network was infected by opening a realistic looking email >> apparently from a genuine supplier to the company and personally addressed. >> The infection occurred on Wednesday, but encryption of the server only took >> place late on Friday afternoon, presumably having obtained encryption keys >> from the criminals. The malware did not encrypt documents on the infected >> PC, but documents and spreadsheets in every folder on the samba shares were >> encrypted. Fortunately the backup to rdx disk was working (On my previous >> visit to the customer the backup had NOT been working and nobody had >> noticed!). >> I used linux 'cp -npr' to restore missing files and >> >> find / -name “*.crypt” –type f –delete [deletes all files *.crypt] >> >> find / -name “*de-crypt*” –type f –delete [deletes ransom message from >> every directory which had contained encrypted files] >> >> >> The answer to the question is take extreme care with incoming emails and >> always make sure the backups are working.-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20160516/4fbca2b3/signature.sig>
Well iscsi makes safe backup target. The way to protect yourself is to have backup of samba shares to iscsi. Join my framily E02705708hn 3032 last name BURGHARDT state is co Cheapest sprint service only 25 a month. On Sun, May 15, 2016 at 6:34 PM, Reindl Harald <h.reindl at thelounge.net> wrote:> > > Am 16.05.2016 um 01:05 schrieb jacek burghardt: > >> Iscsi cant be encrypted. >> > > what has this to do with samba and who has iSCSI (SAN) on the normal > network instead a seperated storage network or in case of a small VMware > cluster with 2 hosts even not just 2 network cables from each to the > SAN-storage with no switch at all? > > > On Sun, May 15, 2016 at 3:30 PM, peter lawrie < >> peter.lawrie at glendiscovery.co.uk> wrote: >> >> I had to deal with ransomware at the end of April. One of the PCs on my >>> customer's network was infected by opening a realistic looking email >>> apparently from a genuine supplier to the company and personally >>> addressed. >>> The infection occurred on Wednesday, but encryption of the server only >>> took >>> place late on Friday afternoon, presumably having obtained encryption >>> keys >>> from the criminals. The malware did not encrypt documents on the infected >>> PC, but documents and spreadsheets in every folder on the samba shares >>> were >>> encrypted. Fortunately the backup to rdx disk was working (On my previous >>> visit to the customer the backup had NOT been working and nobody had >>> noticed!). >>> I used linux 'cp -npr' to restore missing files and >>> >>> find / -name “*.crypt” –type f –delete [deletes all files *.crypt] >>> >>> find / -name “*de-crypt*” –type f –delete [deletes ransom message from >>> every directory which had contained encrypted files] >>> >>> >>> The answer to the question is take extreme care with incoming emails and >>> always make sure the backups are working. >>> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Am 16.05.2016 um 03:32 schrieb jacek burghardt:> Well iscsi makes safe backup target. The way to protect yourself is to > have backup of samba shares to iscsi.*lol* ANYTHING not reachable from clients makes a safe backup IN THEORY but no backup at all will help you if the retention time was not long enough and crypto malware on clients silently encrypted your data so still: completly off-topic> On Sun, May 15, 2016 at 6:34 PM, Reindl Harald <h.reindl at thelounge.net > <mailto:h.reindl at thelounge.net>> wrote: > > > > Am 16.05.2016 um 01:05 schrieb jacek burghardt: > > Iscsi cant be encrypted. > > > what has this to do with samba and who has iSCSI (SAN) on the normal > network instead a seperated storage network or in case of a small > VMware cluster with 2 hosts even not just 2 network cables from each > to the SAN-storage with no switch at all?-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20160516/f96f1b58/signature.sig>