[Samba] ransomware etc

Enrico Weigelt, metux IT consult enrico.weigelt at gr13.net
Wed Jun 28 12:08:18 UTC 2017


On 28.06.2017 11:51, mj via samba wrote:

> And I posted one idea I found (the ransomware-samba-tools link earlier)
> already, but I'm just trying to get some dialogue / brainstorming going
> on here... :-)

IMHO, the only real defense is a versioned filesystem and very fine,
carefully planned access controls. Any antivirus will be lagging
behind.

An additional option could be testing file integrity checks after write
(still keeping the old version) as an early warning. When a file is
silently encrypted by ransomware, the test will fail and we'll see a
file type change and can notify the operator or the file owner.

Of course, that will only work w/ known file types, and we'd need to
write lots of checker routines.


--mtx
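
[Added example, not part of the original message or of Samba: a sketch of the post-write check described above, with per-type checker routines and an alert only when the kept old version passed and the new one does not. All function names, the checker registry and the sample data are assumptions made for illustration.]

```python
import json
import os

# Checker routines keyed by extension; each returns True when the bytes still
# look like that type. Names and registry are assumptions of this example.
def check_png(data):
    return data.startswith(b"\x89PNG\r\n\x1a\n") and data[12:16] == b"IHDR"

def check_pdf(data):
    return data.startswith(b"%PDF-") and b"%%EOF" in data[-1024:]

def check_json(data):
    try:
        json.loads(data.decode("utf-8"))
        return True
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return False

CHECKERS = {".png": check_png, ".pdf": check_pdf, ".json": check_json}

def verify_after_write(name, old, new):
    """Return 'ok', 'unknown' (no checker for this type), 'alert' or 'already-bad'."""
    checker = CHECKERS.get(os.path.splitext(name)[1].lower())
    if checker is None:
        return "unknown"
    if checker(new):
        return "ok"
    # Alert only if the kept old version passed (or there is none): that is a
    # type change, not a file that was malformed all along.
    return "alert" if old is None or checker(old) else "already-bad"

# Constructed sample data; the XOR stands in for content that no longer parses.
PDF_V1 = b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\ntrailer\n<<>>\n%%EOF\n"
PDF_V2 = PDF_V1.replace(b"1.4", b"1.7")
SCRAMBLED = bytes(b ^ 0xA5 for b in PDF_V1)

def demo():
    return [
        verify_after_write("report.pdf", PDF_V1, PDF_V2),        # normal edit
        verify_after_write("report.pdf", PDF_V1, SCRAMBLED),     # type change
        verify_after_write("notes.xyz", b"abc", SCRAMBLED),      # no checker
        verify_after_write("broken.json", b"{oops", SCRAMBLED),  # bad before too
    ]

if __name__ == "__main__":
    print(demo())
```

The "unknown" result is the limitation named in the message: a file type without a checker routine gets no early warning from this test.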



