[Samba] Ransomware?

Dmitry Melekhov dm at belkam.com
Mon May 16 11:04:17 UTC 2016

16.05.2016 14:38, Reindl Harald пишет:
> Am 16.05.2016 um 07:32 schrieb ToddAndMargo:
>> May I surmise that all the encrypted file now have
>> an extra extension of ".crypt"?  So it is easy to
>> see who got clobbered.
> how do you come to that conclusion and even if some malware acts that 
> way what makes you sure you can rely on that? IMHO it would only be so 
> when the developer of the ransomware is a fool!

By the way, could someone recommend best , or at least way this one 
really use, to detect that there was massive file encryption?

Thank you!
> why should he give you something to make a "locate .crypt" on the 
> fileserver and backups easy?

More information about the samba mailing list