You are leaving our Website
Using an external Link:
You are now leaving our website. The following page is operated by a third party. We accept no responsibility for the content, data protection, or security of the linked page..
URL:
Virus "Locky": Assistance for NetApp™ 7Mode-ONTAP Filer
News 2016
Currently, a - unfortunately quite convincing - extortionate data encryption virus named "Locky" is spreading, which has not only made it to the front pages of the computer press, but also quickly gained sad fame in the daily press.
Sender: Often a fictitious employee of the same company. This does not stand out in large companies.
Cover letter: Very high quality, without spelling errors and often tailored to the company. It seems to replicate the content of other emails from the infected sender's computer.
Attachment: An invoice as a Word document.
Help for NetApp™ 7Mode-ONTAP Filer:
Reject writing files with suspicious file extensions used by Locky using FPolicy.
fpolicy create f_Ransomware screen
fpolicy ext inc set f_Ransomware locky,xxx,zzz fpolicy monitor set
f_Ransomware -p cifs,nfs create,rename
fpolicy options f_Ransomware required on
fpolicy enable f_Ransomware
Confirm the prompt "Warning: User requests may be denied because there are no file screening servers registered with the filer. Are you sure?"
Check: fpolicy show f_Ransomware
If necessary, expand the list of file extensions:
fpolicy ext inc add f_Ransomware FILE_EXTENSION,FILE_EXTENSION[,...]
Unfortunately, this does not prevent the clients from being infected, but it prevents the snapshots on the filers from being unnecessarily inflated by the unusable files.
More information at:
General tips:
https://www.heise.de/news/Krypto-Trojaner-Locky-Was-tun-gegen-den-Windows-Schaedling-3112408.html
Windows Server: Catching Trojans encrypting:
https://www.frankysweb.de/windows-fileserver-vor-ransomware-crypto-locker-schuetzen/
Windows Server: Automatically disconnecting infected users:
https://www.frankysweb.de/windows-fileserver-vor-ransomware-schuetzen-update/
For NetApp™ Filer:
https://www.tobbis-blog.de/netapp-ontap-fileserver-gegen-ransomware-abschotten/
If you want to learn more about NetApp™, storage solutions, and IT security topics, visit our workshop overview:
Press contact:
Christian Jacobs