Hi everyone,
A simple simple question.
How does NS behave with a cryptolocker attack?
SMB can be infected?
FTP folders remain immune, even on the same server?
Are external HD backups infected?
Thank you
cryptolocker is something that runs on a windows machine… everything is available to that machine and to the user logged in is potentially in danger…
only samba enabled shares are targets… and only the resources where the logged user has write access…
so, if you share an external disk and give write access to the user, yes, it will likely compromised by cryptolocker
if you have a share and the user has read only access, it won’t be affected.
I am very interested to backup.
It is obvious that NS can write to backup disk, bat, is hd visible only to the backup procedure? Or not.
if backup destination is not shared via samba (and it should not ever being so) you’re safe…
be aware that if your files are compromised, they are backuped “as is”… be sure to have a good backup retention, i.e. at least 2 or more backup sets
Tutto molto chiaro, grazie
I’ve already had problems with cryptolocker and sharing folders.
Thanks to this link I created a file and I check md5. If this fails send an email or want to stop the samba service
1 Like
interesting approach, indeed…
but, AFAIK, it works only on NS6.x because of inotify-tools aren’t available on NS7 anymore…
can you confirm it?
thank you
The issue is when the canary file is the last encrypted by Criptolocker…
i dont know
with yum search inotify
inotify-tools.x86_64 : Command line utilities for inotify
is present
Unfortunately it is the only available options available that I know.
It is currently active on zentyal 2.3 samba server, in the AGGI folder with read and write permissions also for guests.
I assure you that restoring 60 gb of folders is not pleasant, even if it does not stop immediately i would prefer.