I was just reading an article about a new type of ransomware called Samsa.
- After infection it scans your whole IT infrastructure and looks for backup procedures, and distributes itself over the network without any noticeable action.
- After some time, when it knows your files, disks, storage and backup procedures, it can happen that it first encrypts all backups (it may wait until all backups are encrypted!) without any other actions.
- It then starts encryption simultaneously on all systems.
- It deletes shadow copies (when using Windows).

So it can happen that
- all files on many systems are encrypted one morning
- Windows snaps/shadow copies are deleted
- backup is encrypted even on multiple rotating backup media

The question now is: is a remote ZFS storage safe against such attacks?
- current data: can be encrypted as long as you have permissions: not safe
- ZFS snaps are safe, as they are read-only and cannot be deleted by a client admin user, as you need local root access on the storage system
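
The snapshots only help if they reach back further than the time the malware waited before encrypting. The following check is an added example, not part of the original post: it audits the output of `zfs list -H -p -t snapshot -o name,creation` run on the storage server. The dataset names, timestamps and the 14-day / 26-hour thresholds are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample of `zfs list -H -p -t snapshot -o name,creation`
# (tab-separated, creation time as epoch seconds). Dataset names are made up.
SAMPLE = (
    "tank/backup@daily-01\t1700000000\n"
    "tank/backup@daily-15\t1701209600\n"
    "tank/backup@daily-30\t1702505600\n"
    "tank/vmstore@daily-29\t1702419200\n"
    "tank/vmstore@daily-30\t1702505600\n"
)
NOW = 1702540000  # constructed "current time" matching the sample


def parse_snapshots(text):
    """Return {dataset: sorted list of snapshot creation times}."""
    snaps = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        name, creation = line.split("\t")
        dataset, _, _snapname = name.partition("@")
        snaps[dataset].append(int(creation))
    return {ds: sorted(times) for ds, times in snaps.items()}


def audit(text, now, expected, min_history_days=14, max_gap_hours=26):
    """Return (dataset, problem) findings for every expected dataset."""
    snaps = parse_snapshots(text)
    findings = []
    for ds in expected:
        times = snaps.get(ds)
        if not times:
            # Nothing to roll back to if the live data gets encrypted.
            findings.append((ds, "no snapshots"))
            continue
        if now - times[-1] > max_gap_hours * 3600:
            # Snapshot job has stopped; recent changes are unprotected.
            findings.append((ds, "newest snapshot too old"))
        if now - times[0] < min_history_days * 86400:
            # Oldest snapshot may already contain encrypted files.
            findings.append((ds, "history shorter than required"))
    return findings


if __name__ == "__main__":
    for ds, problem in audit(SAMPLE, NOW, ["tank/backup", "tank/vmstore", "tank/home"]):
        print(f"{ds}: {problem}")
```

Run it from the storage system itself, not from a client, so the result does not depend on a machine that may already be infected.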