Can the Cryptolocker virus get at my ZFS data via CIFS?

[zella]

Hi guys,

I have a Freenas box which is using ZFS of course, and the data is already encrypted. This cryptolocker is apparently only getting at NTFS file systems. but the NAS is on Windows SAMBA/CIFS shares on my network, which is pretty basic, no dedicated firewall or anything like that. Am I at risk?

I don't have the holy trinity of backups, one of site etc. as this is a home set up, but I do have two backups that are not online. Just to save anyone the typing time for the inevitable backup bashing.

Also would anyone care to speculate on the future risk. Currently these bastards are charging 300 USD to get the keys, if they were smart they would makea ZFS version, as anyone using ZFS clearly values their data and they could probably charge 3x as much.

Thanks

z

 

[zella]

Some more info which was probably lacking.
Volume permission: http://prntscr.com/3p84fg
Share setup: http://prntscr.com/3p84mw

The shares are password protected but they are mapped on my machines so you don't need to put the password in every time.

 

[ser_rhaegar]

Yes it encrypts files over mapped network shares. It has happened twice at work now. Kaspersky (AV of choice at work) doesn't always catch it.

Encrypting files at the file level has nothing to do with encryption at the file system level.

 

[zella]

Bummer, what if I remove the network maps but keep shortcuts to the shares?

 

[ser_rhaegar]

Bummer, what if I remove the network maps but keep shortcuts to the shares?

Possibly. I don't have an answer for that.

 

[crisman]

Not sure, but it seems the virus looks for networks shares also.

 

[thewiep]

Would ZFS snapshots of these shares not protect you?
The files from the snapshot should not be available through the share but in a separate hidden dir.
Not sure, just an idea..

Sent from my C6903 using Tapatalk

 

[c32767a]

Would ZFS snapshots of these shares not protect you?
The files from the snapshot should not be available through the share but in a separate hidden dir.
Not sure, just an idea..

Sent from my C6903 using Tapatalk

+1

A read only snapshot from before the infection would protect you. Another good reason to have snapshots enabled.. :)

 

[cyberjock]

First, I have moved this to offtopic since it has nothing to do with FreeNAS support.

Second, if its mapped it's totally fair game if you are stupid enough to get that virus.

Third, this forum isn't really the place to ask the question you are asking.

 

[zella]

ahh my old friend cyberjock, friendly and welcoming as every. where should i drag my worthless carcass to instead?

 

[cyberjock]

Not sure. I know of the virus and since I know it basically encrypts everything around the single best way to avoid this problem is ZFS snapshots. Take one a day and if things go bad you can always roll back to the snapshot. ;)