On 09/01/16 07:21, Mauro Condarelli wrote:
> I'm using BackupPC in a mostly-win environment and I wonder how resilient it
> is to Ransomware (and similar encrypting Trojans).
>
> The backup archive itself should be safe since it is not directly accessible
> from Win machines and I hope to see the threat before all past backups are
> overwritten ;)
>
> Two questions:
> 1) should I care about something specific?
> 2) is there some way to trigger an alert if a large part of some host backup
> changes (i.e.: if something starts systematically to encrypt all files)?

I don't think there is anything specific you should need to worry about, as long as you keep backups longer than it will take you to notice. I suspect the notice period should be short (usually they will recursively change a LOT of files, and also create a txt file in every folder telling you how to pay the ransom).

You could use some post backup script to query the number of changed files and alert against some configured value, but this would be very much site-specific. Remember, they don't change all files, so if only 10% of your files are of the type that will be encrypted, then this could be prone to false alarms. IMHO, they generally target MS Office document formats, as well as other well-known database files/etc.

Regards,
Adam

--
Adam Goryachev
Website Managers
www.websitemanagers.com.au

_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
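
Added example, not part of the original message and not BackupPC code: a sketch of the post-backup check suggested above, which measures the change ratio only among watched document types (to handle the "only 10% of your files" case) and also flags one new .txt name appearing in most folders. It assumes each backup can be exported as a `{path: digest}` listing; the extension list, thresholds, file names and sample data are constructed.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: extensions treated as likely targets; tune per site.
WATCHED = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".mdb", ".accdb"}


def assess(prev, cur, ratio_limit=0.5, note_dir_share=0.8, min_dirs=3):
    """Compare two backups given as {path: content digest}; return alert reasons."""
    reasons = []

    # Signal 1: share of changed files among watched types only, so a host
    # where such documents are a small part of the data still trips the alert.
    watched = [p for p in prev if PurePosixPath(p).suffix.lower() in WATCHED]
    changed = [p for p in watched if p in cur and cur[p] != prev[p]]
    if watched and len(changed) / len(watched) >= ratio_limit:
        reasons.append(f"{len(changed)}/{len(watched)} watched documents changed")

    # Signal 2: one new .txt file name appearing in most directories.
    all_dirs = {str(PurePosixPath(p).parent) for p in cur}
    dirs_by_name = defaultdict(set)
    for p in cur.keys() - prev.keys():
        path = PurePosixPath(p)
        if path.suffix.lower() == ".txt":
            dirs_by_name[path.name].add(str(path.parent))
    for name, dirs in sorted(dirs_by_name.items()):
        if len(dirs) >= min_dirs and len(dirs) / len(all_dirs) >= note_dir_share:
            reasons.append(f"new file {name!r} in {len(dirs)}/{len(all_dirs)} directories")
    return reasons


def sample(encrypted):
    """Constructed data: 4 directories, 10% of files are watched documents."""
    prev, cur = {}, {}
    for d in ("fin", "hr", "eng", "ops"):
        for i in range(9):
            prev[f"/share/{d}/img{i}.jpg"] = cur[f"/share/{d}/img{i}.jpg"] = f"j{d}{i}"
        doc = f"/share/{d}/report.docx"
        prev[doc] = f"d{d}"
        cur[doc] = f"x{d}" if encrypted else f"d{d}"
        if encrypted:
            cur[f"/share/{d}/README_RESTORE.txt"] = "note"
    return prev, cur


if __name__ == "__main__":
    for label, flag in (("normal", False), ("encrypted", True)):
        print(label, assess(*sample(flag)))
```

In the constructed "encrypted" case only 10% of all files changed, so a single whole-host threshold set high enough to avoid false alarms would stay silent while both per-type signals fire.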