[Samba] Ransomware?

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri May 20 16:10:52 UTC 2016

I think you should assume that one of your end users will eventually 
fall for ransomware.   And that the user will have access to  most of 
your network shares.

This makes backups more critical than ever.

For zfs snapshots, the end user CAN access their snapshots via samba 
shares, so replication to a 2nd machine is probably essential.

The rest of it is defense in depth -  desktop antivirus, e-mail 
gateways, user education, restrict user access to only what is needed ...

On 05/20/16 11:46, ToddAndMargo wrote:
> On 05/19/2016 11:09 AM, Helmut Hullen wrote:
>> Hallo, ToddAndMargo,
>> Du meintest am 19.05.16:
>>>>>>> Is there anything in Samba that will help protect
>>>>>>> against ransomware?
>> [...]
>>>> months ago there where ransomware which discovered shares without a
>>>> drive letter assigend
>>> yes, I just read Fabians post.  Oh on!
>>> Is it only CIFS drive shares it goes after?
>> It's quite simple: if the user can write onto the share then ransomware
>> also can write.
>> Viele Gruesse!
>> Helmut
> Hi Helmet,
> Greeting from the USA!   I was stationed in Germany for three
> years in the seventies.  I absolutely adored Germany and
> still miss it at times.
> An ftp server can be set up to require a username and password.
> And that can be different than the Windows user name and password.
> That should throw a wrench in the works!  And there is always
> write only and read only accounts.  Wonder if you would get away
> with that in Samba?
> -T

More information about the samba mailing list