Seven Posted March 22, 2016 Share Posted March 22, 2016 We had a ransomware attack at the office recently (Locky) and I've learned quite a bit from the experience. The smoke has now cleared and I've had time to assess any potential holes on our home network and I've decided it would be prudent to make our unraid shares read-only to help prevent damage to our precious media files in the event of a future ransomware attack. Currently I am running a stock unraid v6.1.9 install (using Windows7 and Windows8 clients) and was wondering if there's a quick way to toggle the read-write / read-only setting for my unraid shares. The idea is to toggle read-only when there are no file/copy transactions occurring, then toggle read-write whenever I need to copy/move/delete files. I'd like to keep the shares read-only the majority of the time and I will change to read-write only when I need to make changes. Currently, the process I am using requires about 5-steps: Navigate to the main unraid main menu, click shares, click the share name, scroll down and change to read-only, click apply. I was wondering if there is a faster way? Thanks for any advice! Quote Link to comment
danioj Posted March 23, 2016 Share Posted March 23, 2016 We had a ransomware attack at the office recently (Locky) and I've learned quite a bit from the experience. The smoke has now cleared and I've had time to assess any potential holes on our home network and I've decided it would be prudent to make our unraid shares read-only to help prevent damage to our precious media files in the event of a future ransomware attack. Currently I am running a stock unraid v6.1.9 install (using Windows7 and Windows8 clients) and was wondering if there's a quick way to toggle the read-write / read-only setting for my unraid shares. The idea is to toggle read-only when there are no file/copy transactions occurring, then toggle read-write whenever I need to copy/move/delete files. I'd like to keep the shares read-only the majority of the time and I will change to read-write only when I need to make changes. Currently, the process I am using requires about 5-steps: Navigate to the main unraid main menu, click shares, click the share name, scroll down and change to read-only, click apply. I was wondering if there is a faster way? Thanks for any advice! In short, I don't think so. I would have advised that perhaps you could use CHMOD ### /path/ BUT I am not sure doing that on your shares is advised given the control from the GUI. Someone else might be able to chime in here BUT I think the safest bet is to use the GUI. For kicks I did just time how long it takes me to do this while I am on the LAN and it was 9 seconds. How much faster do you need the process to be. It would be a lot LONGER to log into the CLI and execute a command for instance. Quote Link to comment
Squid Posted March 23, 2016 Share Posted March 23, 2016 Make all the users only have read only access. Create another user that has rw access. Login with you client to that new user when ever you need to write a file (if that's doable). Otherwise then you have to switch the share settings on the fly. As an aside, make certain users only have read-only access permanently to the shares. In my house pretty much every share is read-only for everyone, but I am the only one who permanently has rw access. Not particularily worried about ransomware, but more about people inadvertently deleting media Also, don't ever map shares to drives. Most virus / ransomware aren't going to be scanning your network, but are going to be scanning your local drives (of which for all intents and purposes a mapped share appears to be) Quote Link to comment
Seven Posted March 23, 2016 Author Share Posted March 23, 2016 Also, don't ever map shares to drives. Most virus / ransomware aren't going to be scanning your network, but are going to be scanning your local drives (of which for all intents and purposes a mapped share appears to be) Locky ransomware does scan for mapped and unmapped network shares and will attempt to encrypt any media files it finds. That's what made me take a close look at our home network environment to see about hardening security there. More info about Locky ransomware here, for anyone who is interested. Somehow, this malware has already infected hundreds of computers in Europe, Russia, the US, Pakistan, and Mali. The malicious script downloads Locky's malware executable file from a Web server and stores it in the "Temp" folder associated with the active user account. Once installed, it starts scanning for attached drives (including networked drives) and encrypts document, music, video, image, archive, database, and Web application-related files. Networked drives don't need to be actively mapped to be found, however. My wife works from home and she's always emailing MS Office and other documents with co-workers. So after the ransomware attack at my workplace I decided to take a closer look at the security settings on our home network as well. Anyways, it sounds like the current method is the best option for setting read-only on my unraid shares. I expected as much but just thought I would check in case there was a faster way to toggle read-only on unraid shares. Thanks for the suggestions.... Quote Link to comment
kizer Posted March 23, 2016 Share Posted March 23, 2016 All my shares are read only. I have access to my disks via disk shares that are set to hidden and are not mapped. Quote Link to comment
cyberdunks Posted May 17, 2020 Share Posted May 17, 2020 Are hidden unmapped shares still visible to a network attack like ransomware attacks? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.