[WLUG] Linux, rsync and CryptoWall ransomware
Jeff Hanson
jhansonxi at gmail.com
Fri Oct 24 10:43:20 EDT 2014
Checksums won't help unless you had a checksum from before the infection to
compare against. Could use checksums from a known-good server to compare
against.
The "file" command looks for bytes that indicate what the target file is.
You could compare file extensions against what "file" thinks it is.
On Fri, Oct 24, 2014 at 10:32 AM, Chris Baty <batymahn at gmail.com> wrote:
> Hi guys,
> So our Windows Server 2003 file server got a CryptoWall virus so we are
> screwed - any random thoughts appreciated. Being a Linux guy, I
> happened to install Cygwin and used rsync to my linux box for hourly
> backups. I was curious if there's any way to use something like md5sum
> to detect whether a file has been corrupted//encrypted or not before rsync
> copies a file?
>
> Thanks.
>
> Chris
>
> _______________________________________________
> washlug mailing list
> washlug at washlug.org
> http://linux.marcdatabase.com/mailman/listinfo/washlug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linux.marcdatabase.com/pipermail/washlug/attachments/20141024/c6025e54/attachment.html
More information about the washlug
mailing list