[Samba] Ransomware?

Alex Ferrara alex at receptiveit.com.au
Mon May 16 00:04:54 UTC 2016


I like to put my Samba server on ZFS and take hourly snapshots. While the main share can be encrypted, the snapshots will remain intact.

Currently I am using FreeBSD but will be starting a test server on Debian with ZFS.

aF

> On 16 May 2016, at 9:05 am, jacek burghardt <jaceksburghardt at gmail.com> wrote:
> 
> iSCSI can't be encrypted.
> 
> 
> On Sun, May 15, 2016 at 3:30 PM, peter lawrie <
> peter.lawrie at glendiscovery.co.uk> wrote:
> 
>> I had to deal with ransomware at the end of April. One of the PCs on my
>> customer's network was infected by opening a realistic looking email
>> apparently from a genuine supplier to the company and personally addressed.
>> The infection occurred on Wednesday, but encryption of the server only took
>> place late on Friday afternoon, presumably having obtained encryption keys
>> from the criminals. The malware did not encrypt documents on the infected
>> PC, but documents and spreadsheets in every folder on the samba shares were
>> encrypted. Fortunately the backup to rdx disk was working (On my previous
>> visit to the customer the backup had NOT been working and nobody had
>> noticed!).
>> I used linux 'cp -npr' to restore missing files and
>> 
>> find / -name "*.crypt" -type f -delete [deletes all files *.crypt]
>> 
>> find / -name "*de-crypt*" -type f -delete [deletes ransom message from
>> every directory which had contained encrypted files]
>> 
>> 
>> The answer to the question is take extreme care with incoming emails and
>> always make sure the backups are working.
>> 
>> Peter
>> 
>> 
>> On 15 May 2016 at 21:00, Andrew Bartlett <abartlet at samba.org> wrote:
>> 
>>> On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote:
>>>> Hi All,
>>>> 
>>>> Is there anything in Samba that will help protect
>>>> against ransomware?
>>> 
>>> I've not had to look into this properly, but I would suggest
>>> regular and genuinely offline backups and regular Read Only snapshots.
>>> 
>>> Andrew Bartlett
>>> 
>>> --
>>> Andrew Bartlett                       http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team  http://samba.org
>>> Samba Developer, Catalyst IT
>>> http://catalyst.net.nz/services/samba
>>> 
>>> 
>>> 
>>> 
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>> 
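A more conservative form of the cleanup step quoted above, as an added example that is not part of any poster's message: it stays inside the share instead of searching from `/`, and deletes a `.crypt` file only once the original name exists again. The `<name>.crypt` naming, the function names and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the malware left each file
# as <name>.crypt, so stripping the suffix gives the original's path.

# triage_crypt SHARE: tag every *.crypt file under SHARE as RESTORED (the
# original name exists again and is non-empty) or ORPHAN (still missing).
triage_crypt() {
    find "$1" -xdev -type f -name '*.crypt' -exec sh -c '
        for f do
            if [ -s "${f%.crypt}" ]; then echo "RESTORED $f"
            else echo "ORPHAN $f"; fi
        done' sh {} +
}

# purge_restored SHARE: delete only the RESTORED ones; orphans stay on disk
# until an older backup or snapshot has been checked for the original.
purge_restored() {
    find "$1" -xdev -type f -name '*.crypt' -exec sh -c '
        for f do
            if [ -s "${f%.crypt}" ]; then rm -f -- "$f"; fi
        done' sh {} +
}

# make_sample: constructed share tree for a dry run (not real data).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/accounts"
    echo data > "$d/accounts/q1.xls"               # already restored
    echo junk > "$d/accounts/q1.xls.crypt"         # safe to purge
    echo junk > "$d/accounts/new plan.doc.crypt"   # no original yet
    echo "$d"
}

# Dry run on the constructed tree: report, purge, report again.
share=$(make_sample)
triage_crypt "$share"
purge_restored "$share"
triage_crypt "$share"
rm -rf "$share"
```

A non-empty file at the original name does not prove its contents are the clean version, so spot-check restored files against the backup before purging.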



