[Samba] Ransomware?

L.P.H. van Belle belle at bazuin.nl
Thu May 19 11:05:37 UTC 2016


An update for the nice link of the ransomware overview

TeslaCrypt 3.0+ 
Decryptor : http://support.eset.com/kb6051/ 

CryptXXX 
Decryptor: http://www.theregister.co.uk/2016/05/18/cryptxxx_decrypted/ 


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of bar???? tombul
> Sent: Tuesday 17 May 2016 13:00
> To: Reindl Harald
> CC: samba
> Subject: Re: [Samba] Ransomware?
> 
> Ransomware Overview:
> https://docs.google.com/spreadsheets/d/1q_VSJoSwTv2L29HXouXm-muVfYtzX-VeAuzJUgICIUs/pubhtml
> 
> .mp3 even got inside.  ( I used fail2ban.)
> 
> best regards
> 
> 
> 
> 2016-05-17 12:01 GMT+03:00 Reindl Harald <h.reindl at thelounge.net>:
> 
> >
> >
> > Am 17.05.2016 um 09:47 schrieb Fabian Cenedese:
> >
> >>
> >> Am 16.05.2016 um 07:32 schrieb ToddAndMargo:
> >>>
> >>>> May I surmise that all the encrypted files now have
> >>>> an extra extension of ".crypt"?  So it is easy to
> >>>> see who got clobbered.
> >>>>
> >>>
> >>> how do you come to that conclusion and even if some malware acts that
> >>> way what makes you sure you can rely on that? IMHO it would only be so
> >>> when the developer of the ransomware is a fool!
> >>>
> >>> why should he give you something to make a "locate .crypt" on the
> >>> fileserver and backups easy?
> >>>
> >>
> >> So far most of the ransomware rename the encrypted files and place files
> >> with instructions with constant names. They don't want to hide the fact
> >> that the files are encrypted. No, they want you to know that they are and
> >> that you have to pay to get them back. That's why it's called ransomware.
> >> Of course for people with backups this makes life a little easier. But
> >> for the others...
> >>
> >>
> >>
> >> https://www.reddit.com/r/sysadmin/comments/46361k/list_of_ransomware_extensions_and_known_ransom/
> >>
> >
> > "so far most" != you can rely on
> >
> > "They don't want to hide the fact that the files are encrypted. No, they
> > want you to know that they are" *yes but* when they are finished and not
> > right after starting to encrypt where not many files are affected and
> > backups still in place
> >
> > what they *really* want is act in the background and get caught as late as
> > possible when all your backups contain encrypted versions of important
> > documents
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >

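Added example, not part of the original thread: a share scan for the "appended extension" pattern discussed above, grouped by owning uid with the earliest modification time, so a backup older than that can be chosen. The extension lists are assumptions (only `.crypt` and `.mp3` come from the thread), and `is_suspect` and `scan_share` are hypothetical names; requiring a document extension underneath keeps ordinary `.mp3` files out of the report.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: appended extensions to look for. ".crypt" and ".mp3" are the two
# named in the thread; extend from the overview lists linked above.
SUSPECT_EXTS = {".crypt", ".mp3"}
# Assumption: a constructed list of ordinary document extensions.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".odt", ".txt"}


def is_suspect(name):
    """True when a suspect extension was appended to a document extension,
    e.g. 'budget.xlsx.mp3'. A plain 'song.mp3' does not match."""
    stem, last = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]
    return last in SUSPECT_EXTS and inner in DOC_EXTS


def scan_share(root):
    """Walk a share and summarise suspect files per owning uid:
    {uid: {"count": n, "first_seen": datetime, "dirs": set}}."""
    report = defaultdict(lambda: {"count": 0, "first_seen": None, "dirs": set()})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_suspect(name):
                continue
            # lstat: do not follow symlinks out of the share
            st = os.lstat(os.path.join(dirpath, name))
            when = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            entry = report[st.st_uid]
            entry["count"] += 1
            entry["dirs"].add(os.path.relpath(dirpath, root))
            if entry["first_seen"] is None or when < entry["first_seen"]:
                entry["first_seen"] = when
    return dict(report)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for uid, info in scan_share(root).items():
        # A hit gives a lower bound for picking a backup; an empty report
        # proves nothing, as the replies in the thread point out.
        print(uid, info["count"], info["first_seen"].isoformat(), sorted(info["dirs"]))
```
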



