Cryptolocker Virus

Hi everyone,
A simple question.
How does NS behave with a cryptolocker attack?
Can SMB be infected?
Do FTP folders remain immune, even on the same server?
Are external HD backups infected?
Thank you

cryptolocker is something that runs on a Windows machine… everything that is available to that machine and to the logged-in user is potentially in danger…
only samba enabled shares are targets… and only the resources where the logged-in user has write access…

so, if you share an external disk and give write access to the user, yes, it will likely be compromised by cryptolocker
if you have a share and the user has read only access, it won’t be affected.

I am very interested in backup.
It is obvious that NS can write to the backup disk, but is the HD visible only to the backup procedure, or not?

if the backup destination is not shared via samba (and it should never be) you’re safe…
be aware that if your files are compromised, they are backed up “as is”… be sure to have a good backup retention, i.e. at least 2 or more backup sets

All very clear, thank you

I’ve already had problems with cryptolocker and sharing folders.
Thanks to this link I created a file and I check its md5. If the check fails, send an email or, if you want, stop the samba service.

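The canary check described in the post above, as an added example that is not part of the thread or of the linked article. The function names, the `CANARY_ACTION` variable and the `smb` unit name are assumptions; it takes several canary files so that a single file is not the only tripwire.

```shell
#!/bin/sh
# Added example, not from the thread or the linked article.
# Assumed names: canary_baseline, canary_check, canary_respond, CANARY_ACTION.

# Record the known-good MD5 of each canary file, one line per file.
# Keep the manifest outside any Samba share so a client cannot rewrite it.
canary_baseline() {            # usage: canary_baseline MANIFEST FILE...
    manifest=$1; shift
    md5sum -- "$@" > "$manifest"
}

# 0 = every canary intact, 1 = one changed or missing, 2 = manifest unusable.
# A renamed canary (ransomware often appends an extension) shows up as
# missing, so it fails the check as well.
canary_check() {               # usage: canary_check MANIFEST
    [ -s "$1" ] || return 2
    md5sum --status -c -- "$1" 2>/dev/null || return 1
}

# Run the check; on failure print the affected canaries and run CANARY_ACTION.
# The default action only prints. On a systemd host it could be set to
# "systemctl stop smb" (assumption: the Samba unit is named smb).
canary_respond() {             # usage: canary_respond MANIFEST
    rc=0
    canary_check "$1" || rc=$?
    [ "$rc" -eq 0 ] && return 0
    if [ "$rc" -eq 2 ]; then
        echo "canary: manifest '$1' missing or empty" >&2
        return 2
    fi
    md5sum -c -- "$1" 2>/dev/null | grep -v ': OK$' >&2 || true
    sh -c "${CANARY_ACTION:-echo 'canary tripped: would stop Samba here'}"
    return 1
}

# Constructed demo: two canaries in a temp dir, one overwritten afterwards.
# canary_demo returns 1 because the second canary no longer matches.
canary_demo() {
    d=$(mktemp -d) || return 2
    echo "do not edit" > "$d/000_canary.txt"
    echo "do not edit" > "$d/zzz_canary.txt"
    canary_baseline "$d/manifest.md5" "$d/000_canary.txt" "$d/zzz_canary.txt"
    echo "encrypted" > "$d/zzz_canary.txt"
    rc=0; canary_respond "$d/manifest.md5" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run from cron, `canary_respond` bounds the damage to whatever is encrypted between two runs; it does not prevent the first files from being lost.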

interesting approach, indeed…

but, AFAIK, it works only on NS6.x because inotify-tools aren’t available on NS7 anymore…

can you confirm it?
thank you

The issue is when the canary file is the last one encrypted by Cryptolocker…

I don’t know

with yum search inotify
inotify-tools.x86_64 : Command line utilities for inotify
is present

Unfortunately it is the only option available that I know of.
It is currently active on a Zentyal 2.3 samba server, in the AGGI folder with read and write permissions also for guests.

I assure you that restoring 60 GB of folders is not pleasant; even if it does not stop it immediately, I would prefer it.