On 05/15/2016 01:00 PM, Andrew Bartlett wrote:> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >> Hi All, >> >> Is there anything in Samba that will help protect >> against ransomware? > > I've not had to look into this properly, but I would suggest that > regular and genuinely offline backups and regular Read Only snapshots. > > Andrew Bartlett >On linux, I do xfsdump's and rotate several full backups. I also leave the drives unmounted when not in use. Ransomware is only dangerous where they can find a drive letter. I am trying to get a few of my Windows clients to back up to a Linux ftp server (no drive letters). Must have several rotations of data though. I do not like incremental backups, especially when I have all night to run a backup. And single Windows workstations to back up to an ext4 drive with four revolving partitions, so that only one drive letter is exposed at a time. Ext4 to screw with ransomware minds if they ever figure out how to attack hidden drives in Windows.
>also leave the drives unmounted when not in use. Ransomware >is only dangerous where they can find a drive letter.Actually that's not true. There are some that can attack any share, whether mapped on a drive letter or not. e.g. http://www.securityweek.com/locky-ransomware-encrypts-unmapped-network-shares bye Fabi
Am 17.05.2016 um 03:13 schrieb ToddAndMargo:> On 05/15/2016 01:00 PM, Andrew Bartlett wrote: >> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >>> Hi All, >>> >>> Is there anything in Samba that will help protect >>> against ransomware? >> >> I've not had to look into this properly, but I would suggest that >> regular and genuinely offline backups and regular Read Only snapshots. >> > > On linux, I do xfsdump's and rotate several full backups. I > also leave the drives unmounted when not in use. Ransomware > is only dangerous where they can find a drive letterthat is simply not true months ago there where ransomware which discovered shares without a drive letter assigend -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20160517/7098aca0/signature.sig>
On 05/17/2016 12:43 AM, Fabian Cenedese wrote:> >> also leave the drives unmounted when not in use. Ransomware >> is only dangerous where they can find a drive letter. > > Actually that's not true. There are some that can attack any share, > whether mapped on a drive letter or not. > > e.g. > http://www.securityweek.com/locky-ransomware-encrypts-unmapped-network-shares > > bye Fabi > >Oh No! Do they also go after FTP shares? -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On 05/17/2016 01:54 AM, Reindl Harald wrote:> > > Am 17.05.2016 um 03:13 schrieb ToddAndMargo: >> On 05/15/2016 01:00 PM, Andrew Bartlett wrote: >>> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >>>> Hi All, >>>> >>>> Is there anything in Samba that will help protect >>>> against ransomware? >>> >>> I've not had to look into this properly, but I would suggest that >>> regular and genuinely offline backups and regular Read Only snapshots. >>> >> >> On linux, I do xfsdump's and rotate several full backups. I >> also leave the drives unmounted when not in use. Ransomware >> is only dangerous where they can find a drive letter > > that is simply not true > > months ago there where ransomware which discovered shares without a > drive letter assigendyes, I just read Fabians post. Oh on! Is it only CIFS drive shares it goes after?