The pattern ^.*-evil-ha-ha- would match any file names with -evil-ha-ha- anywhere in their name. Regular expressions are supported here, identified by patterns that begin with ^ or end with $ (or both), so you are not limited to files ending with a certain string. oh-no will be considered suspicious and blocked. You can also choose to use 'Additional extension patterns'.Įxample: if you entered the pattern. you will no longer be protected from attacks that rename/create files called. lock will be allowed to sync without suspicion. lock in the Exclude extension patterns configuration field, then files that end in. You must enter patterns exactly as found in the extensions.txt file entering something that is not a line in that file has no effect.Įxample: if you entered. You can choose to ignore extensions from the resources/extensions.txt file by entering the pattern into the 'Exclude extension patterns' field. Configuration settingsĬonfiguration is managed on the Settings » Security page under the heading Ransomware protection. After the problem has been solved, the clients can be re-allowed in the personal settings of the user. Pressing the button will delete the notification for all administrators.Īfter 5 "infected" uploads within 30 minutes, the clients of the user get blocked automatically to prevent further damage to the data. If the user presses "I need help!" admins of the instance receive the following notification: User Tester may be infected with ransomware and is asking for your help Admins can also see the pattern in the log when it is set to level Warning or lower. Hint: You can find the apps admin settings in the security tab of your Nextcloud instance. If you want to exclude the problematic pattern, you can copy it from this notification and ask your admin to add it to the exclude list. Otherwise you can request help from your admin, so they reach out to you. If you are sure that your device is not affected, you can temporarily disable the protection. The file “foobar.txt” you tried to upload matches the naming pattern of a ransomware/virus “*.txt”. The user receives a notification with 2 options: File “foobar.txt” could not be uploaded! When a known sync client is uploading a file with a file name matching the pattern of a ransomware (see this list of patterns), uploading of the file is blocked. ⚠️ Neither the developer nor Nextcloud GmbH give any guarantee that your files can not be affected by another way. It does not help in case your server is infected directly by a ransomware. Especially since it only prevents infected clients from uploading and overwriting files on your Nextcloud server. ⚠️ This app does not replace regular backups. This app prevents the Nextcloud Sync clients from uploading files with known ransomware file endings. Please contact your account manager to talk about the possibilities. If there is a strong business case for any development of this app, we will consider your wishes for our roadmap. We would be more than excited, if you would like to collaborate with us. We are welcoming anyone who would like to take over this app, reach out in this issue: #144.We are not updating this app for future releases.We assess the main functionality as done.While there are many things that could be done to further improve this app, this app is currently not maintained.
0 Comments
Leave a Reply. |