
Honeypot for crypto viruses

Hello,

 

We are a university with around 20'000 users with all their files on NetApp filers running ONTAP 9.0/CDOT, and from time to time, we have users who get infected with a crypto-virus that starts encrypting files on all shares they have access to. Cryptoviruses are often not detected by antivirus software, and we were thinking about making an automated lock-down system with a honeypot to detect and stop the outbreak before it becomes a problem/lots of cleanup work.

 

Before I start, I would just like to check whether anyone else has already done this?

 

My idea is to make a share with enough files so the cryptovirus is busy for a while on this share, and mount it as an early letter in Windows on all clients. Then make a script that detects changes on this share and who is making the changes - then lock down this user's account so the user doesn't have access to encrypt anything on network shares mapped later - like home directories and common file areas.

 

Any ideas or input on this before I start making a solution is welcome.

 

-- 
Morten-Christian Bernson,
Section for infrastructure, Systems Architect Storage and Backup
IT-department, University of Bergen
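
The detection step described in the post, sketched as an added example that is not part of the original post or any NetApp tooling. The audit-record layout, the decoy path, the threshold values and the `lock_account` callback are all assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HONEYPOT_PREFIX = "/vol/honeypot/"   # assumed path of the decoy share
MODIFYING_OPS = {"write", "rename", "delete"}
THRESHOLD = 3                        # modifying ops tolerated per window (assumed)
WINDOW = timedelta(seconds=30)       # sliding window length (assumed)

# Constructed audit records: (ISO timestamp, user, operation, path)
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "alice", "read",   "/vol/honeypot/a/001.docx"),
    ("2024-01-01T10:00:01", "bob",   "write",  "/vol/home/bob/notes.txt"),
    ("2024-01-01T10:00:02", "carol", "write",  "/vol/honeypot/a/001.docx"),
    ("2024-01-01T10:00:03", "carol", "rename", "/vol/honeypot/a/001.docx"),
    ("2024-01-01T10:00:04", "carol", "write",  "/vol/honeypot/a/002.xlsx"),
    ("2024-01-01T10:00:05", "carol", "rename", "/vol/honeypot/a/002.xlsx"),
    ("2024-01-01T10:00:06", "dave",  "write",  "/vol/honeypot/a/003.pdf"),
    ("2024-01-01T10:05:00", "dave",  "write",  "/vol/honeypot/a/004.pdf"),
    ("2024-01-01T10:05:01", "carol", "write",  "/vol/honeypot/a/005.pdf"),
]

def detect(events, lock_account):
    """Call lock_account(user, when) once for each user who makes more than
    THRESHOLD modifying operations on the decoy share within WINDOW.
    Returns the users flagged, in the order they were flagged."""
    recent = defaultdict(deque)      # user -> timestamps of recent decoy changes
    locked = []
    for ts, user, op, path in events:
        if user in locked:
            continue                 # already handled, do not lock twice
        # Reads and activity on real shares are not a signal here.
        if op not in MODIFYING_OPS or not path.startswith(HONEYPOT_PREFIX):
            continue
        when = datetime.fromisoformat(ts)
        window = recent[user]
        window.append(when)
        while when - window[0] > WINDOW:
            window.popleft()         # forget changes older than the window
        if len(window) > THRESHOLD:
            locked.append(user)
            lock_account(user, when)
    return locked

if __name__ == "__main__":
    # Hypothetical lock-down action: here it only reports the decision.
    detect(SAMPLE_EVENTS, lambda u, w: print(f"lock {u} at {w.isoformat()}"))
```

A single stray write (dave in the sample) stays below the threshold, while a burst of write and rename pairs (carol) trips it before the process reaches later drive letters.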

