[Samba] Ransomware?

Fabian Cenedese Cenedese at indel.ch
Fri May 20 06:25:38 UTC 2016

>> Is it only CIFS drive shares it goes after?
>It's quite simple: if the user can write onto the share then ransomware  
>also can write.

Samba/Windows shares can be discovered, that's how Windows itself
does it when browsing the network. It wouldn't be difficult for a virus
to use the FTP protocol as well. However it wouldn't know what server
to connect to and what username/password to use if protected. The
same is true for other protocols (SSH, rsync etc). That's why those
ways of backupping are more secure. Unless the virus goes phishing
and makes you enter the credentials...

bye  Fabi

More information about the samba mailing list