[Samba] Ransomware?

jacek burghardt jaceksburghardt at gmail.com
Mon May 16 01:32:33 UTC 2016 

Well iscsi makes safe backup target. The way to protect yourself is to have
backup of samba shares to iscsi.

Join my framily E02705708hn 3032 last name BURGHARDT state is co
Cheapest sprint service only 25 a month.

On Sun, May 15, 2016 at 6:34 PM, Reindl Harald <h.reindl at thelounge.net>
wrote:

>
>
> Am 16.05.2016 um 01:05 schrieb jacek burghardt:
>
>> Iscsi  cant be encrypted.
>>
>
> what has this to do with samba and who has iSCSI (SAN) on the normal
> network instead a seperated storage network or in case of a small VMware
> cluster with 2 hosts even not just 2 network cables from each to the
> SAN-storage with no switch at all?
>
>
> On Sun, May 15, 2016 at 3:30 PM, peter lawrie <
>> peter.lawrie at glendiscovery.co.uk> wrote:
>>
>> I had to deal with ransomware at the end of April. One of the PCs on my
>>> customer's network was infected by opening a realistic looking email
>>> apparently from a genuine supplier to the company and personally
>>> addressed.
>>> The infection occurred on Wednesday, but encryption of the server only
>>> took
>>> place late on Friday afternoon, presumably having obtained encryption
>>> keys
>>> from the criminals. The malware did not encrypt documents on the infected
>>> PC, but documents and spreadsheets in every folder on the samba shares
>>> were
>>> encrypted. Fortunately the backup to rdx disk was working (On my previous
>>> visit to the customer the backup had NOT been working and nobody had
>>> noticed!).
>>>  I used linux 'cp -npr' to restore missing files and
>>>
>>> find / -name “*.crypt” –type f –delete [deletes all files *.crypt]
>>>
>>> find / -name “*de-crypt*” –type f –delete [deletes ransom message from
>>> every directory which had contained encrypted files]
>>>
>>>
>>> The answer to the question is take extreme care with incoming emails and
>>> always make sure the backups are working.
>>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list