h.reindl at thelounge.net
Tue May 17 09:01:02 UTC 2016
Am 17.05.2016 um 09:47 schrieb Fabian Cenedese:
>> Am 16.05.2016 um 07:32 schrieb ToddAndMargo:
>>> May I surmise that all the encrypted file now have
>>> an extra extension of ".crypt"? So it is easy to
>>> see who got clobbered.
>> how do you come to that conclusion and even if some malware acts that way what makes you sure you can rely on that? IMHO it would only be so when the developer of the ransomware is a fool!
>> why should he give you something to make a "locate .crypt" on the fileserver and backups easy?
> So far most of the ransomware rename the encrypted files and place files with
> instructions with constant names. They don't want to hide the fact that the files
> are encrypted. No, they want you to know that they are and that you have to
> pay to get them back. That's why it's called ransomware. Of course for people
> with backups this makes life a little easier. But for the others...
"so far most" != you can rely on
"They don't want to hide the fact that the files are encrypted. No, they
want you to know that they are" *yes but* when they are finished an dnot
right after starting to encrypt where not much files are affected and
backups still in place
what they *really* want is act in the background and get caught as late
as possible when all your backups contain encrypted versions of
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the samba