@Flyer wrote:
Hi all,
I'm reporting my experience in a 40+ user office and the reasons why not to use shadow copies over Samba and btrfs. First of all, why did I decide to move to a non-ext/UFS filesystem? Simple answer: I wanted some "backup/versioning" for my office NAS to avoid accidental deletes.
Real answer: 10 days before Xmas 2015 a colleague got a Cryptolocker variant (Cryptolocker from Wikipedia) and I had to manage nearly 365K encrypted files (yes, 365.000 files). I'm used to backing up on a daily basis, plus incremental backups every 2 hours, so we just lost 10-20 files.
So, you have to know that ransomware doesn't start encrypting on the infected local machine, but first tries via network shares, also on hidden files and shadow copies on the local PC / remote shadow copies (first reason to avoid shadow copies on Samba).
Second reason to avoid: your users don't need another "toy" to damage themselves.
EDIT - Special Note: Time to recover 365K files from backup, checking for old versions / new versions, etc.: 3 days. Time to recover via snapshots done every 15-20 minutes: 10-20 seconds, with possible loss of a small amount of files.