Vitavonni

Protect your file server from the Locky trojan

The "Locky" trojan and similar trojans apparently can cause havoc on your file servers (you may have heard the reports of hospitals that had to pay thousands of dollars to be able to decrypt their files).
Obviously, this is a good reason to double-check you backups.
But as a Linux admin, you may want to consider additional security measures. Here is one suggestion (untested, because I do not run a Samba file server):
Enable logging in the Samba file server, and monitor the log file for the known file names created by Locky. I.e. files named .locky or _Locky_recover_instructions.txt.
If a user creates such a file, immediately ban his IP from accessing your file server, and send out an alert to the admin and the affected user.
This probably won't prevent much damage from the users PC, but it should at least prevent it from doing much on your file server.
There also exist security modules such as "samba-virusfilter" that could probably be extended to cover this, too.

Sorry, I cannot provide you step-by-step instruction because I am a Linux-only user. I do not run a Samba file server. I have only had conversations with friends about this trojan.
2016-02-26 10:16 — Categories: English Linux SecurityPermaLinkComments
This website uses cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. See details