Protecting File Server from Ransomware


3 replies to this topic

#1 threatZERO


Posted 21 June 2018 - 08:44 AM

Team -

 

We are wanting to utilize FSRM/etc for proactively protecting our file server from known ransomware extensions. The question I have, is with our known knowledge of Ransomware and File Servers, if the logic in the ransomware can't encrypt files because the extension combinations are blacklisted, will it CONTINUE and just start deleting everything?

 

Here are some resources we are looking at:
 

https://gallery.technet.microsoft.com/scriptcenter/Protect-your-File-Server-f3722fce (PowerShell script for FSRM)

https://www.reddit.com/r/sysadmin/comments/5vsz8u/do_you_use_fsrm_to_protect_your_windowsbased_file/ (updated list of ransomware) 

 

 

TL;DR

If we block known ransomware extensions from our file servers, will ransomware still continue to delete even if it can't encrypt?




#2 Demonslay335


Posted 21 June 2018 - 08:52 AM

It's impossible to blanket define that type of behavior of all ransomwares. They all greatly differ. Some may continue and just delete the files, some may hang up on the file, some may crash entirely, some could "adapt". Furthermore, if someone actually compromises the system and just straight-out has control, there's nothing you can do to prevent them from just turning off your defenses.

 

I hope you are only looking into this type of defense after establishing proper backups including revisions and off-site/cloud.




#3 threatZERO


Posted 21 June 2018 - 08:58 AM

> It's impossible to blanket define that type of behavior of all ransomwares. They all greatly differ. Some may continue and just delete the files, some may hang up on the file, some may crash entirely, some could "adapt". Furthermore, if someone actually compromises the system and just straight-out has control, there's nothing you can do to prevent them from just turning off your defenses.
>
> I hope you are only looking into this type of defense after establishing proper backups including revisions and off-site/cloud.

 

Yes, we have proper backups in place. Our sys admins approached us wanting to proactively do anything possible to ensure our file servers are protected even if it means the blanket or layered security approach. 
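
The FSRM screening discussed in this thread, as an added example that is not part of any post above and is not taken from the linked script: an active file screen that blocks writes matching a file group and logs every hit, so a blocked attempt is seen promptly rather than only stopped. A file screen matches on file name when a file is created or renamed, so it does not stop deletions or in-place changes to files that keep an allowed name. The share path, group name and the two patterns are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions (not from the thread): the share path, the group
# name and the patterns below are constructed placeholders, not a real list.
Import-Module FileServerResourceManager

$sharePath = 'D:\Shares\Finance'                        # hypothetical path
$groupName = 'Ransomware-Extensions-Example'            # hypothetical name
$patterns  = @('*.example-locked', '*.example-crypt')   # constructed placeholders

# Create the file group, or refresh its patterns if it already exists,
# so the script can be re-run whenever the extension list is updated.
if (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $groupName -IncludePattern $patterns
} else {
    New-FsrmFileGroup -Name $groupName -IncludePattern $patterns | Out-Null
}

# Log a warning for every blocked write. The bracketed tokens are FSRM
# notification variables that are expanded when the event is written.
$logAction = New-FsrmAction -Type Event -EventType Warning -RunLimitInterval 0 `
    -Body ('FSRM blocked [Source Io Owner] writing [Source File Path] ' +
           'under [File Screen Path] (group [Violated File Group]) on [Server].')

# Active screen = the write is denied. Omit -Active for a passive screen that
# only logs, which is useful for trialling a pattern list before enforcing it.
if (Get-FsrmFileScreen -Path $sharePath -ErrorAction SilentlyContinue) {
    Set-FsrmFileScreen -Path $sharePath -IncludeGroup $groupName `
        -Notification $logAction -Active
} else {
    New-FsrmFileScreen -Path $sharePath -IncludeGroup $groupName `
        -Notification $logAction -Active | Out-Null
}

# Review recent FSRM events; the service logs to the Application log as SRMSVC.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SRMSVC' } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

The account named in the logged event is the one to investigate and, if warranted, cut off from the share, since the screen itself does nothing about what that client does next.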



#4 quietman7


Posted 21 June 2018 - 09:45 AM

Also see my comments (Post #2) in this topic for the best defensive strategy to protect yourself from ransomware (crypto malware) infection and a list of prevention tools.