This is to discuss the Ransomware Detection App.
This app monitors file operations to detect ransomware attacks by using generic indicators for a guided user-controlled recovery utilizing the integrated file versioning methods.
Is there any documentation available?
I have a regular “.odp” (Libreoffice Impress) - file that shows up with a green background in the app.
Does that mean anything? Is everything ok, since it is green, or do I need to do anything?
Is there anything I can do to prevent .odp-files from being detected?
Thanks for the posting @jospoortvliet
After recently upgrading to NC 20.0.3, I was trying every app in my instance to see if things still worked. I never paid much attention to the Ransomware app because I have a tiny security footprint. The following problem might have been there a while or just happened after the upgrade.
A file I made from scratch using LibreOffice on an Ubuntu 18.04 LTS Workstation is triggering the Red color alert for Ransomware. Using the Nextcloud app for Ubuntu, I edit the file on the Ubuntu Workstation as opposed to editing it with Collabora. I save the file each weekday and assumed it was synched normally to my cloud. Maybe it is but in my users Ransomware app it was listed as “Recover Selected Files”.
Without any instructions in the app for using it, I assumed “Recover” meant to accept the file as safe. I was very wrong. I think I just found out that clicking “Recover Selected Files” meant delete them from the server and give the user no ability to undo this. also wipe the files from all synced devices.
Now I’m missing a shitload of files and folders. That’s pretty fucked up.
What I think the error in judgment is, is if a folder or file was moved into the cloud via the Ubuntu file system, it’s suspect and primed for deletion.
It seems there is a bug, the text of the app currently says this:
!!WARNING!!: DEACTIVATE OR REMOVE THIS APP FROM YOUR NEXTCLOUD INSTALLATION BECAUSE OF A NOT RESOLVED BUG WHICH CAN LEAD TO THE DELETION OF YOUR FILES IF YOU TRY TO RECOVER FILES. YOU CAN ALSO UPDATE TO THIS VERSION AS THIS IS AN EMPTY APP WITHOUT ANY FUNCTIONALITY.
I’m sure work is going on to fix this bug, but be careful until it is fixed!
1 Like