[Samba] Ransomware?

Fabian Cenedese Cenedese at indel.ch
Tue May 17 07:47:37 UTC 2016

>Am 16.05.2016 um 07:32 schrieb ToddAndMargo:
>>May I surmise that all the encrypted file now have
>>an extra extension of ".crypt"?  So it is easy to
>>see who got clobbered.
>how do you come to that conclusion and even if some malware acts that way what makes you sure you can rely on that? IMHO it would only be so when the developer of the ransomware is a fool!
>why should he give you something to make a "locate .crypt" on the fileserver and backups easy?

So far most of the ransomware rename the encrypted files and place files with
instructions with constant names. They don't want to hide the fact that the files
are encrypted. No, they want you to know that they are and that you have to
pay to get them back. That's why it's called ransomware. Of course for people
with backups this makes life a little easier. But for the others...


bye  Fabi

More information about the samba mailing list