FSRM-ANTICRYPTO : Protect servers against crypto attacks.

FSRM-ANTICRYPTO : Protect servers against crypto attacks.

Use FSRM-ANTICRYPTO to protect your Windows servers against Crypto attacks and keep the Crypto filegroup extensions up to date. A very completelist is maintained by experiant.ca with infos gave by the community
Configuring FSRM make impossible to users to write files with forbiden extensions. So We use FSRM to avoid encrypted files to be saved as the extension used by the Crypto Process is Known. Those scripts and howto are given as is. Use at your own risck. I will take no responsability for that. This work is heavily based on Kinomakino and Nexxai on Github. Big hug! Also Thanks to Jpelectron who gave me the idea to go further.


So What!
+ update list of banned extensions (through task manager or manually)
+ configure extensions list, template and applying on shares
+ possibility to exclure extensions from the blocked list (false positive)
+ possibility to exclude shares (excluding some specific shares like usb dongle…)
+ possibility to stop all shares when attack is detected

Minimum requirements
– Powershell v3.0


Source: https://github.com/davidande