[Samba] Ransomware?

Reindl Harald h.reindl at thelounge.net
Mon May 16 00:34:23 UTC 2016

Am 16.05.2016 um 01:05 schrieb jacek burghardt:
> Iscsi  cant be encrypted.

what has this to do with samba and who has iSCSI (SAN) on the normal 
network instead a seperated storage network or in case of a small VMware 
cluster with 2 hosts even not just 2 network cables from each to the 
SAN-storage with no switch at all?

> On Sun, May 15, 2016 at 3:30 PM, peter lawrie <
> peter.lawrie at glendiscovery.co.uk> wrote:
>> I had to deal with ransomware at the end of April. One of the PCs on my
>> customer's network was infected by opening a realistic looking email
>> apparently from a genuine supplier to the company and personally addressed.
>> The infection occurred on Wednesday, but encryption of the server only took
>> place late on Friday afternoon, presumably having obtained encryption keys
>> from the criminals. The malware did not encrypt documents on the infected
>> PC, but documents and spreadsheets in every folder on the samba shares were
>> encrypted. Fortunately the backup to rdx disk was working (On my previous
>> visit to the customer the backup had NOT been working and nobody had
>> noticed!).
>>  I used linux 'cp -npr' to restore missing files and
>> find / -name “*.crypt” –type f –delete [deletes all files *.crypt]
>> find / -name “*de-crypt*” –type f –delete [deletes ransom message from
>> every directory which had contained encrypted files]
>> The answer to the question is take extreme care with incoming emails and
>> always make sure the backups are working.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20160516/4fbca2b3/signature.sig>

More information about the samba mailing list