Ransomware protection


#1

Hi, is there any option to prevent syncing of files in case they are encrypted because of ransomware (e.g. locky)? I do have backup and can restore files in such a case, but if you have 50 desktop clients there is so much work to restore files on all of them and continue work smoothly. So, the problem is, if one device gets files encrypted because of ransomware, those files sync to server and all other devices that share the same folder and files get files encrypted too. Then you have to delete all of the encrypted files, restore them from backup and sync them again to all devices, which can take a lot of time.

So I am wondering if there is an option to implement some kind of antivirus to ownCloud, which would scan all files and delete the ones infected by ransom or not sync them? Or if there is an option to set only trusted file extensions that would be allowed to sync, so in case of getting ransomware on one device the files with extension .locky wouldn't sync to server? Does ownCloud have any solution or how do others manage that kind of situation?

Thanks for your help with answers.


#2

The only real protection is backups. You could protect against known renaming procedures, but that would not cover new ransomware, but for old ransomware you don't need to restore everything manually. Nextcloud implemented such an app (https://github.com/nextcloud/ransomware_protection), you can create a fork for ownCloud.

There is an antivirus app: https://github.com/owncloud/files_antivirus
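
The two filtering ideas raised in this thread, blocking known ransomware file names and syncing only trusted extensions, compared on one batch of file names. This is an added example, not part of either post and not code from ownCloud or the Nextcloud app; the function names, the patterns other than `.locky`, the allowlist and the sample batch are all constructed for illustration.

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# "*.locky" is the extension named in the question; the other two patterns
# and the allowlist are constructed placeholders, not a maintained list.
BLOCKED_PATTERNS = ("*.locky", "*.example-encrypted", "how_to_decrypt*.txt")
ALLOWED_EXTENSIONS = frozenset({".docx", ".xlsx", ".pdf", ".txt", ".jpg"})


def check_upload(path, mode):
    """Return (accepted, reason) for one file name a client wants to sync."""
    name = PurePosixPath(path).name.lower()
    if mode == "blocklist":
        for pattern in BLOCKED_PATTERNS:
            if fnmatchcase(name, pattern):
                return False, f"matches blocked pattern {pattern}"
        return True, "no blocked pattern matched"
    if mode == "allowlist":
        ext = PurePosixPath(name).suffix  # last extension only
        if ext in ALLOWED_EXTENSIONS:
            return True, f"extension {ext} is trusted"
        return False, f"extension {ext or '(none)'} is not trusted"
    raise ValueError(f"unknown mode: {mode}")


def filter_sync_batch(paths, mode):
    """Split a client's batch into (accepted, rejected) path lists."""
    accepted, rejected = [], []
    for path in paths:
        ok, _reason = check_upload(path, mode)
        (accepted if ok else rejected).append(path)
    return accepted, rejected


# Constructed batch, as one infected client might try to sync it.
SAMPLE_BATCH = [
    "Reports/q1.xlsx",
    "Reports/q1.xlsx.locky",
    "Reports/HOW_TO_DECRYPT_files.txt",
    "Photos/trip.jpg.k9x2",  # renamed with an extension no list knows yet
    "Notes/todo.txt",
]

if __name__ == "__main__":
    for mode in ("blocklist", "allowlist"):
        accepted, rejected = filter_sync_batch(SAMPLE_BATCH, mode)
        print(mode, "rejected:", rejected)
```

On this batch the blocklist lets the unknown `.k9x2` rename through, while the allowlist stops it but accepts the ransom note because `.txt` is trusted. Neither mode inspects file contents, so a file encrypted in place under its original name passes both.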