Been thinking about ransomware hitting a large file server with PB of data. There are no backups possible due to the extreme scale of the data. It's accessed via a web front end to two file controllers connecting to it over SMB. Anyway, I was considering removing all NTFS permissions except for a service account. Only this service account would have write permissions, and it would not be a domain admin, etc. Removing SYSTEM and domain admin rights would prevent ransomware from encrypting the contents, but this assumes:
  • infections would use logged on permissions / grab domain admin creds to spread
  • it would not try to take ownership before encrypting
  • it would not harvest other accounts to try to access file shares (assumes DC compromised)
So, how clever is ransomware, and how do you protect a file server like this? Assume AV is in place, etc., but a unique ransomware signature bypasses it, etc...
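One way to verify that the proposed "service account is the only writer" model actually holds on the share, as an added example that is not part of the original post: a PowerShell audit that walks the share root and reports every ACE (and every owner) that would let something other than the service account modify, delete, re-permission or take ownership of data. The share path `D:\PBShare`, the account `CORP\svc-fileserver` and the `$Depth` limit are hypothetical placeholders to replace with your own.

```powershell
# Added example (not from the original post): audit NTFS ACLs under a share root
# and list write-class grants and owners that are not the approved service account.
# Path, account name and depth below are hypothetical placeholders.
param(
    [string]$ShareRoot      = 'D:\PBShare',            # hypothetical share root
    [string]$ServiceAccount = 'CORP\svc-fileserver',   # hypothetical sole-writer account
    [int]$Depth             = 2                        # keep small on a PB-scale tree
)

# Rights that let a principal change data or change who can change data.
# TakeOwnership and ChangePermissions matter because an ACE holding either
# can be used to regain write access even after Write/Modify are removed.
$WriteClass = [System.Security.AccessControl.FileSystemRights]::Write -bor
              [System.Security.AccessControl.FileSystemRights]::Modify -bor
              [System.Security.AccessControl.FileSystemRights]::Delete -bor
              [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
              [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
              [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
              [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-WriteClass {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    return (($Ace.FileSystemRights -band $WriteClass) -ne 0)
}

$findings = @()
$targets  = @(Get-Item -LiteralPath $ShareRoot) +
            @(Get-ChildItem -LiteralPath $ShareRoot -Directory -Recurse -Depth $Depth)

foreach ($dir in $targets) {
    $acl = Get-Acl -LiteralPath $dir.FullName

    # Folders with inheritance disabled are where stale write grants usually hide.
    if ($acl.AreAccessRulesProtected) {
        $findings += [pscustomobject]@{
            Path = $dir.FullName; Identity = '(n/a)'; Rights = 'InheritanceDisabled'; Type = 'Info'
        }
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }      # Deny ACEs do not grant anything
        if (-not (Test-WriteClass $ace)) { continue }            # read-only grants are expected
        if ($ace.IdentityReference.Value -ieq $ServiceAccount) { continue }
        $findings += [pscustomobject]@{
            Path = $dir.FullName; Identity = $ace.IdentityReference.Value
            Rights = $ace.FileSystemRights; Type = 'WriteGrant'
        }
    }

    # The owner can always rewrite the DACL, so a non-service owner is a write path too.
    if ($acl.Owner -ine $ServiceAccount) {
        $findings += [pscustomobject]@{
            Path = $dir.FullName; Identity = $acl.Owner; Rights = 'Owner'; Type = 'OwnerNotService'
        }
    }
}

$findings | Sort-Object Type, Path | Format-Table -AutoSize
```

Run it from the file controller (or any host that resolves the share's SIDs) and treat every `WriteGrant` and `OwnerNotService` row as a deviation from the design. One caveat the DACL alone cannot show: a principal that is a local Administrator on the file server can take ownership regardless of ACEs, so the audit is only meaningful alongside keeping domain and local admin groups off the controllers' write path, which is the assumption the post is making.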

