Protecting Greyhole Against Ransomware

melnik
Posts: 44
Joined: Sat Jun 09, 2012 12:13 pm

Protecting Greyhole Against Ransomware

Postby melnik » Sat Mar 25, 2017 9:16 am

Hello community members!

I am here for an advice on how to properly protect my shared greyhole folders against ransomware.

The folders are accessible by everyone in my family (including ma, pa, granny and grandpa). While they will do what I tell them to in regards to the folders themselves, they are prone to clicking things that are better left unclicked.

Are there any strategies i can employ to protect our family photo archive from ransomware that, say, grandma might introduce while looking at cute kittens online? All of them have read/write access to the folder.

Thank you for your hard work :-)

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Protecting Greyhole Against Ransomware

Postby bigfoot65 » Sat Mar 25, 2017 9:45 am

Not sure this could even happen. At a minimum you could restrict access to read only.

Obviously the best way to protect your HDA is to not expose it to the internet.

I have not heard of any cases of an HDA getting hacked or contaminated directly.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

melnik
Posts: 44
Joined: Sat Jun 09, 2012 12:13 pm

Re: Protecting Greyhole Against Ransomware

Postby melnik » Sat Mar 25, 2017 12:16 pm

I envision a scenario where a user will get infected with ransomeware, which will start encrypting all the files within the reach of the system, including "mounted" network folders, or even "unmonted" network folders that can be reached by IP and accessed with one of the saved login/pwd from "credentials manager" of windows.

I use greyhole as a backup for family photos (MAX number of duplicates), and would like to protect it against a silly user.

Thanks

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Protecting Greyhole Against Ransomware

Postby bigfoot65 » Sat Mar 25, 2017 12:25 pm

I'm not sure that is possible. I would think the ransomeware would infect the client, not the server.

Is there a proof of concept this could occur or a reported case?

BTW, if you make the share read only as I mentioned previously, there would be no threat in my opinion.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

melnik
Posts: 44
Joined: Sat Jun 09, 2012 12:13 pm

Re: Protecting Greyhole Against Ransomware

Postby melnik » Sat Mar 25, 2017 12:58 pm

One of my collegues (works in a different firm) was dealing with the case when a ransomeware infected a users pc, and since user had read/write access to network drives, it started silently encrypting files on the network drives and deleting the originals.

Similar to a my case: all users can upload photos to family archive (write) and view them as well (read). Hypothetically a ransomeware could infect users PC and start encrypting all files it can reach, including files of the family photo archive.

I cannot set the permissions to "read only" since this would defeat the purpose of the archive - i.e. storing photos from all the users.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Protecting Greyhole Against Ransomware

Postby bigfoot65 » Sat Mar 25, 2017 2:35 pm

That is interesting. I have never heard of a such case.

Is the access to your HDA via a client machine on your network or would it be from outside your network?

You could set an upload location that is not managed by Greyhole. Then virus scan the files before moving them to a Greyhole enabled share.

This could be easily automated.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

Who is online

Users browsing this forum: No registered users and 15 guests