[Samba] Ransomware?

Reindl Harald h.reindl at thelounge.net
Mon May 16 00:34:23 UTC 2016



On 16.05.2016 at 01:05, jacek burghardt wrote:
> iSCSI can't be encrypted.

what has this to do with samba and who has iSCSI (SAN) on the normal 
network instead of a separated storage network or in case of a small VMware 
cluster with 2 hosts even not just 2 network cables from each to the 
SAN-storage with no switch at all?

> On Sun, May 15, 2016 at 3:30 PM, peter lawrie <
> peter.lawrie at glendiscovery.co.uk> wrote:
>
>> I had to deal with ransomware at the end of April. One of the PCs on my
>> customer's network was infected by opening a realistic looking email
>> apparently from a genuine supplier to the company and personally addressed.
>> The infection occurred on Wednesday, but encryption of the server only took
>> place late on Friday afternoon, presumably having obtained encryption keys
>> from the criminals. The malware did not encrypt documents on the infected
>> PC, but documents and spreadsheets in every folder on the samba shares were
>> encrypted. Fortunately the backup to rdx disk was working (On my previous
>> visit to the customer the backup had NOT been working and nobody had
>> noticed!).
>>  I used linux 'cp -npr' to restore missing files and
>>
>> find / -name "*.crypt" -type f -delete [deletes all files *.crypt]
>>
>> find / -name "*de-crypt*" -type f -delete [deletes ransom message from
>> every directory which had contained encrypted files]
>>
>>
>> The answer to the question is take extreme care with incoming emails and
>> always make sure the backups are working.
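
Added example, not part of the original messages: a scoped, verify-before-delete variant of the `*.crypt` cleanup described in the quoted post, which reports first and removes an encrypted copy only once its restored original is present. It assumes an encrypted copy is named `<original>.crypt` (the post gives only the `*.crypt` pattern); `cleanup_crypt`, `make_sample_tree` and the sample file names are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: scoped, verify-before-delete cleanup of "*.crypt" files.
# Assumption: an encrypted copy is named "<original>.crypt".

# cleanup_crypt ROOT [--delete]
# Dry run by default. An encrypted copy is removed only when a non-empty
# restored original sits beside it; everything else is reported for review.
cleanup_crypt() {
    root=$1
    mode=${2:-dry-run}
    # -xdev keeps find on the share's own filesystem instead of walking "/".
    find "$root" -xdev -type f -name '*.crypt' -exec sh -c '
        mode=$1; shift
        for enc in "$@"; do
            orig=${enc%.crypt}
            if [ ! -s "$orig" ]; then
                printf "UNRESTORED %s\n" "$enc"
            elif [ "$mode" = "--delete" ]; then
                rm -f -- "$enc" && printf "DELETED %s\n" "$enc"
            else
                printf "WOULD-DELETE %s\n" "$enc"
            fi
        done
    ' sh "$mode" {} +
}

# Constructed sample tree (hypothetical file names), printed as a temp path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/a" "$d/b" "$d/c"
    echo restored > "$d/a/report.doc"       # restored from backup
    echo junk > "$d/a/report.doc.crypt"
    echo junk > "$d/b/sheet.xls.crypt"      # original never restored
    : > "$d/c/empty.txt"                    # zero-byte restore, not trusted
    echo junk > "$d/c/empty.txt.crypt"
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
cleanup_crypt "$sample"             # dry run: report only
cleanup_crypt "$sample" --delete    # removes a/report.doc.crypt only
rm -rf "$sample"
```

Files reported as `UNRESTORED` are the ones still missing from the restore and are left in place for review.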
