Hi, All sorry for my English, Translated from Russian.
No_more_ransom, xtbl and similar stuff.
Immediately after the launch of the virus scans all available drives, including network and cloud storage, to determine which files will be encrypted.
The virus encrypts files and renames them - file.xtbl
Directories of synchronization with clouds are naturally located on local HDD and when changing files in these directories, the synchronization client instantly synchronizes everything with the cloud, etc. data is copied to all PCs for which this directory is shared
It occurred to me to force NCSync-client not to synchronize encrypted files with the server - by adding masks of files (*. Xtbl) to the list of exceptions. But not everything is as simple as it seemed.
If you modulate the action of a virus by renaming the file file.txt> file.xtbl, then the rule does not synchronize the * .xtbl files in the NCSync-client, but the file.txt that is located on the server is removed to the cloud storage bin.
How do I get NCSync-client work correctly in this situation, do not synchronize the files renamed the virus and do not delete the not infected file from the server.