For this I'm not entirely sure, but could a ransomware totally encrypt a ZFS volume? That would mean elevating privileges up to the filesystem driver, which may not be in user-space
ZFS with snapshots on the targeted machine is a great mitigation but not a silver bullet. Snapshots can expire or be overwritten by new encrypted data until good data is lost (depending on the configuration). Or the ransomware attack could be block level, which is hitting a lot of people lately. Or the machine could explode :) I think snapshots should be considered as a way to restore point-in-time data locally, not as a backup per se.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
For this I'm not entirely sure, but could a ransomware totally encrypt a ZFS volume? That would mean elevating privileges up to the filesystem driver, which may not be in user-space
ZFS with snapshots on the targeted machine is a great mitigation but not a silver bullet. Snapshots can expire or be overwritten by new encrypted data until good data is lost (depending on the configuration). Or the ransomware attack could be block level, which is hitting a lot of people lately. Or the machine could explode :) I think snapshots should be considered as a way to restore point-in-time data locally, not as a backup per se.