Displaying 3 results from an estimated 3 matches for "cryptowall".
Did you mean:
cryptowall1
2016 May 16
1
Ransomware?
...own+Locky+on+Samba+server+using+fail2ban/20805
though it seems locky specific
I use this non-samba solution in cron.hourly. Pretty awful, but it works for malware that I know
about. I have fast drives, so updatedb only takes a few seconds.
#!/bin/sh
updatedb
wait 20
if locate DECRYPT > /tmp/cryptowall; then
mail -s "PANIC! Possible Server Cryptowall found" support at domain.com</tmp/cryptowall
#else
# echo "not found";
fi
if locate --regex INSTRUCTIONS_\.\{3,10}\.png > /tmp/cryptowall1; then
mail -s "Possible Cryptowall 4.0 found on server&q...
2016 May 16
4
Ransomware?
Am 16.05.2016 um 07:32 schrieb ToddAndMargo:
> May I surmise that all the encrypted file now have
> an extra extension of ".crypt"? So it is easy to
> see who got clobbered.
how do you come to that conclusion and even if some malware acts that
way what makes you sure you can rely on that? IMHO it would only be so
when the developer of the ransomware is a fool!
why should he
2015 Aug 19
6
Samba4 DC/AD documents created in redirected folders with bogus UID
I just noticed that my fresh install of Samba 4.2.3 has the same behaviour.
I have a share (\\samba\it_share)) and some users when creating files have
the UID as 3000000 and some have their correct UIDs.
Share permissons are being controlled by Windows ACLs.
On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at novatec-inc.com> wrote:
> More information,
>
> It appears I've