Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Novel method for slowing down Locky on Samba server using fail2ban SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Novel method for slowing down Locky on Samba server using fail2ban

One of our loyal readers, Gebhard, pointed out a nice post (in German) on how to slow down Locky if you are using a Samba server for filesharing in your environment.  The technique takes advantage of fail2ban and some additional Samba logging to keep Locky from encrypting all the files on the share.  It is worth a look.  Thanx, Gebhard, for sharing.

References:

[de]: http://heise.de/-3120956
[en]: https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fheise.de%2F-3120956&edit-text=

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Live Online Europe February 2022 Volume 1

Jim

423 Posts
ISC Handler
Mar 6th 2016

Sign Up for Free or Log In to start participating in the conversation!