The "Locky" trojan and similar trojans apparently can cause havoc on your
file servers (you may have heard the reports of hospitals that had to pay
thousands of dollars to be able to decrypt their files).
Obviously, this is a good reason to double-check you backups.
But as a Linux admin, you may want to consider additional security
measures. Here is one suggestion (untested, because I do not run a Samba
Enable logging in the Samba file server, and monitor the log file for
the known file names created by Locky. I.e. files named .locky or
If a user creates such a file, immediately ban his IP from accessing your
file server, and send out an alert to the admin and the affected user.
This probably won't prevent much damage from the users PC, but it
should at least prevent it from doing much on your file server.
There also exist security modules such as "samba-virusfilter" that could
probably be extended to cover this, too.
Sorry, I cannot provide you step-by-step instruction because I am
a Linux-only user. I do not run a Samba file server. I have only had
conversations with friends about this trojan.