DEV Community

Discussion on: A cron job that could save you from a ransomware attack

Charlie Schliesser

How does this protect you in any fashion if the entire filesystem is encrypted?

@_Geoffroy

For this I'm not entirely sure, but could ransomware totally encrypt a ZFS volume? That would mean elevating privileges up to the filesystem driver, which may not be in user-space.

Charlie Schliesser

ZFS with snapshots on the targeted machine is a great mitigation but not a silver bullet. Snapshots can expire or be overwritten by new encrypted data until good data is lost (depending on the configuration). Or the ransomware attack could be block level, which is hitting a lot of people lately. Or the machine could explode :) I think snapshots should be considered as a way to restore point-in-time data locally, not as a backup per se.