You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Nextcloud bot cfbd538884
[tx-robot] updated from transifex
2 days ago
.github Empty repo stuff 2 years ago
.tx Fix tx config 2 years ago
appinfo Merge pull request #58 from nextcloud/bugfix/57/extend-description 5 days ago
css Fix notifications 2 years ago
docs Add screenshots 2 years ago
img Fix notifications 2 years ago
js Add admin and personal settings 2 years ago
l10n [tx-robot] updated from transifex 2 days ago
lib Adjust notifier to Nextcloud 17 7 months ago
resources Add .NEXTCRY extension 3 months ago
templates Add admin and personal settings 2 years ago
.gitignore Empty repo stuff 2 years ago
CHANGELOG.md Add changelog for 1.5.0 5 months ago
COPYING Empty repo stuff 2 years ago
Makefile Fix Makefile 2 years ago
README.md Extend description 2 months ago
personal.php Add admin and personal settings 2 years ago

README.md

Ransomware protection app

This app prevents the Nextcloud Sync clients from uploading files with known ransomware file endings.

⚠️ This app does not replace regular backups. Especially since it only prevents infected clients from uploading and overwriting files on your Nextcloud server. It does not help in case your server is infected directly by a ransomware.

⚠️ Neither the developer nor Nextcloud GmbH give any guarantee that your files can not be affected by another way.

How the app works

When a known sync client is uploading a file with a file name matching the pattern of a ransomware (see this list of patterns), uploading of the file is blocked.

The user receives a notification with 2 options:

File “foobar.txt” could not be uploaded!

The file “foobar.txt” you tried to upload matches the naming pattern of a ransomware/virus “*.txt”. If you are sure that your device is not affected, you can temporarily disable the protection. Otherwise you can request help from your admin, so they reach out to you.

[ Pause protection ] [ I need help! ]

If you want to exclude the problematic pattern, you can copy it from this notification and ask your admin to add it to the exclude list. Admins can also see the pattern in the log when it is set to level Warning or lower.

If the user presses “I need help!” admins of the instance receive the following notification:

User Tester may be infected with ransomware and is asking for your help

[ I will help ]

Pressing the button will delete the notification for all administrators.

After 5 “infected” uploads within 30 minutes, the clients of the user get blocked automatically to prevent further damage to the data. After the problem has been solved, the clients can be re-allowed in the personal settings of the user.