search for: ransomware

On 05/15/2016 01:00 PM, Andrew Bartlett wrote: > On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >> Hi All, >> >> Is there anything in Samba that will help protect >> against ransomware? > > I've not had to look into this properly, but I would suggest that > regular and genuinely offline backups and regular Read Only snapshots. > > Andrew Bartlett > On linux, I do xfsdump's and rotate several full backups. I also leave the drives unmounted when not in u...

...17.05.2016 um 03:13 schrieb ToddAndMargo: >> On 05/15/2016 01:00 PM, Andrew Bartlett wrote: >>> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >>>> Hi All, >>>> >>>> Is there anything in Samba that will help protect >>>> against ransomware? >>> >>> I've not had to look into this properly, but I would suggest that >>> regular and genuinely offline backups and regular Read Only snapshots. >>> >> >> On linux, I do xfsdump's and rotate several full backups. I >> also leave th...

...have >>> an extra extension of ".crypt"? So it is easy to >>> see who got clobbered. >> >> how do you come to that conclusion and even if some malware acts that way what makes you sure you can rely on that? IMHO it would only be so when the developer of the ransomware is a fool! >> >> why should he give you something to make a "locate .crypt" on the fileserver and backups easy? > > So far most of the ransomware rename the encrypted files and place files with > instructions with constant names. They don't want to hide the fact t...

I'm not aware of the last, but in previous versions, ransomware encrypt all files and after this he delete original files. If you have a trash/recycle configured, you can recover these files. Em 17/05/2016 8:26 AM, "barış tombul" <bbtombul at gmail.com> escreveu: > Ransomware Overview: > > https://docs.google.com/spreadsheets/d/1q...

On 05/19/2016 11:09 AM, Helmut Hullen wrote: > Hallo, ToddAndMargo, > > Du meintest am 19.05.16: > >>>>>> Is there anything in Samba that will help protect >>>>>> against ransomware? > > [...] > >>> months ago there where ransomware which discovered shares without a >>> drive letter assigend > >> yes, I just read Fabians post. Oh on! >> Is it only CIFS drive shares it goes after? > > It's quite simple: if the user can write...

Hi All, Is there anything in Samba that will help protect against ransomware? -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

...that all the encrypted file now have > an extra extension of ".crypt"? So it is easy to > see who got clobbered. how do you come to that conclusion and even if some malware acts that way what makes you sure you can rely on that? IMHO it would only be so when the developer of the ransomware is a fool! why should he give you something to make a "locate .crypt" on the fileserver and backups easy? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature UR...

Ransomware Overview: https://docs.google.com/spreadsheets/d/1q_VSJoSwTv2L29HXouXm-muVfYtzX-VeAuzJUgICIUs/pubhtml .mp3 even got inside. ( I used fail2ban.) best regards 2016-05-17 12:01 GMT+03:00 Reindl Harald <h.reindl at thelounge.net>: > > > Am 17.05.2016 um 09:47 schrieb Fabian Cenede...

Am 17.05.2016 um 03:13 schrieb ToddAndMargo: > On 05/15/2016 01:00 PM, Andrew Bartlett wrote: >> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >>> Hi All, >>> >>> Is there anything in Samba that will help protect >>> against ransomware? >> >> I've not had to look into this properly, but I would suggest that >> regular and genuinely offline backups and regular Read Only snapshots. >> > > On linux, I do xfsdump's and rotate several full backups. I > also leave the drives unmounted when not...

I had to deal with ransomware at the end of April. One of the PCs on my customer's network was infected by opening a realistic looking email apparently from a genuine supplier to the company and personally addressed. The infection occurred on Wednesday, but encryption of the server only took place late on Friday afternoon,...

Iscsi cant be encrypted. Join my framily E02705708hn 3032 last name BURGHARDT state is co Cheapest sprint service only 25 a month. On Sun, May 15, 2016 at 3:30 PM, peter lawrie < peter.lawrie at glendiscovery.co.uk> wrote: > I had to deal with ransomware at the end of April. One of the PCs on my > customer's network was infected by opening a realistic looking email > apparently from a genuine supplier to the company and personally addressed. > The infection occurred on Wednesday, but encryption of the server only took > place late o...

>> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >>> Hi All, >>> >>> Is there anything in Samba that will help protect >>> against ransomware? >> >> I've not had to look into this properly, but I would suggest that >> regular and genuinely offline backups and regular Read Only snapshots. >> >> Andrew Bartlett >> >> -- >> Andrew Bartlett http://samba.org/~ab...

I'm jumping in here late. There's been a lot of good suggestions already. Something I haven't seen mentioned is rsnapshot. The solution to ransomware like this is a good solid backup regimen and rsnapshot can be part of that. rsnapshot is opensource and based on rsync .. it requires a unix filesystem that supports hardlinks. It works on making a complete snapshot of the file system every 'n' periods. you specify who frequently. The cool...

>> Is it only CIFS drive shares it goes after? > >It's quite simple: if the user can write onto the share then ransomware >also can write. Samba/Windows shares can be discovered, that's how Windows itself does it when browsing the network. It wouldn't be difficult for a virus to use the FTP protocol as well. However it wouldn't know what server to connect to and what username/password to use if prote...

On 06/28/2017 01:33 PM, Reindl Harald via samba wrote: > that would break normal usecases like replace a folder with thousands of > files with a older version especially on fast networks True. That's why I'm asking here for (better) ideas. And I posted one idea I found (the ransomware-samba-tools link earlier) already, but I'm just trying to get some dialogue / brainstorming going on here... :-) MJ

Hi all, Just out of curiosity: is there anything we can do, on the samba side, to counter the recent ransomware attacks? (or limit the damage done) I'm thinking like: limit the number of files per second a client (workstation) is allowed to edit, or some other smart tricks..? It would be nice if samba could be an extra layer of defense. Something perhaps a vfs module could help with..? Anyone with t...

...017 at 8:42 AM, David Disseldorp via samba <samba at lists.samba.org> wrote: > Hi, > > On Wed, 28 Jun 2017 11:08:11 +0200, mj via samba wrote: > >> Hi all, >> >> Just out of curiosity: is there anything we can do, on the samba side, >> to counter the recent ransomware attacks? (or limit the damage done) >> >> I'm thinking like: limit the number of files per second a client >> (workstation) is allowed to edit, or some other smart tricks..? >> >> It would be nice if samba could be an extra layer of defense. >> >> Somet...

...in case of a small VMware > cluster with 2 hosts even not just 2 network cables from each to the > SAN-storage with no switch at all? > > > On Sun, May 15, 2016 at 3:30 PM, peter lawrie < >> peter.lawrie at glendiscovery.co.uk> wrote: >> >> I had to deal with ransomware at the end of April. One of the PCs on my >>> customer's network was infected by opening a realistic looking email >>> apparently from a genuine supplier to the company and personally >>> addressed. >>> The infection occurred on Wednesday, but encryption of t...

Hi, On Wed, 28 Jun 2017 11:08:11 +0200, mj via samba wrote: > Hi all, > > Just out of curiosity: is there anything we can do, on the samba side, > to counter the recent ransomware attacks? (or limit the damage done) > > I'm thinking like: limit the number of files per second a client > (workstation) is allowed to edit, or some other smart tricks..? > > It would be nice if samba could be an extra layer of defense. > > Something perhaps a vfs modul...

ToddAndMargo <ToddAndMargo at zoho.com> writes: > On 05/20/2016 06:31 AM, Nico Kadel-Garcia wrote: >> Those can also >> often be made accessible by Samba as read-only CIFS shares, for people >> to recover their own files. It's invaluable for people not to have to >> bother their local sysadmin to get last night's copy of the files they >> just