Crypto Trojan "Locky"

  • What could in future be done from the side of the file systems used by OMV
    to prevent crypto-trojan "Locky" from encrypting all data on OMV shares?

    1) Automatically make all backed up files read only? Will this be enough?
    2) Automatically make all backed up files deletable only through a special password protected account?
    Add special characters to the file names on the OMV share so that a Windows client can not handle these?
    And make the special characters removable only through a password protected account?

    What do the file system experts here think should be done?

    Yours - Backupmaster

  • From what I can see, if you want to have Windows client accessing and writing Samba shares on OMV, there is very little you can do to stop the virus. Not using Samba, or read-only, is very inconvenient.

    The only real solution to an infection is backups (that are not also shared out r/w via Samba!). How to best achieve that depends on a variety of factors. For convenience, btrfs or ZFS snapshots would work very well.

  • rsnapshot the files to a non-shared drive works as well. This can be done very easily via the openmediavault-rsnapshot plugin.

    omv 6.0.42-2 Shaitan | 64 bit | 5.19 proxmox kernel | plugins :: omvextrasorg 6.1.1 | kvm 6.1.23 | mergerfs 6.3.3 | zfs 6.0.11 plugins source code and issue tracker - github

    Please try ctrl-shift-R and read this before posting a question.
    Please don't PM for support... Too many PMs!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!