Novel method for slowing down Locky on Samba server using fail2ban

One of our loyal readers, Gebhard, pointed out a nice post (in German) on how to slow down Locky if you are using a Samba server for filesharing in your environment.  The technique takes advantage of fail2ban and some additional Samba logging to keep Locky from encrypting all the files on the share.  It is worth a look.  Thanx, Gebhard, for sharing.

References:

[de]: http://heise.de/-3120956
[en]: https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fheise.de%2F-3120956&edit-text=

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Tokyo Autumn 2022

Jim

423 Posts
ISC Handler
Mar 6th 2016

Sign Up for Free or Log In to start participating in the conversation!