G2A Many GEOs
SHARE
TWEET

Anti Ransomware Script

applehelpwriter Apr 16th, 2016 (edited) 483 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! /bin/bash
  2.  
  3. ###################################################
  4. # DESCRIPTION
  5. ###################################################
  6. # COPYRIGHT (C) applehelpwriter.com / Phil Stokes 2016
  7. # For more info go to:
  8.  
  9. # http://applehelpwriter.com/how-to-stop-ransomware-infecting-backup-disk
  10.  
  11.  
  12. # This script is for use with a CARBON COPY CLONER (BOMBICH SOFTWARE / www.bombich.com)
  13. # Scheduled backup task
  14. # Tested on CCC v4.1.7, Mac OS X 10.11.4
  15.  
  16.  
  17. # This script aims to abort the scheduled backup if the percentage
  18. # of changed files in a given 'Canary' directory exceeds a user-defined threshold.
  19.  
  20.  
  21.  
  22. ###################################################
  23. # USAGE
  24. ###################################################
  25.  
  26.  
  27. # 1.
  28. # In the USER PREFERENCES section below, alter the following THREE paths names:
  29.  
  30. # i. BACKUPDISK="<path to your /Volumes/[destination drive]/Users/user_name/some folder>"
  31. # ii. HOMEVOL="<path to your source vol home folder>"
  32. # iii. LOGFILE="<make up a name>" #we suggest something inconspicuous
  33.  
  34. # 2.
  35. # Set the threshold to as low as you can reliably get away with
  36.  
  37.  
  38. # 3.
  39. # Save the script to a local folder
  40. # Recommended: give the script an inconspicuous name
  41. # like NOT**** "anti-ransomware.sh" ****
  42. # (i.e., make it harder for an attacker to identify and find)
  43. # Recommended: do NOT locate the script in the CCC default Scripts folder
  44. # (i.e., make it harder for an attacker to identify and find)
  45. # Recommended: locate the script outside of your Home folder
  46.  
  47.  
  48. # 4.
  49. # Open CCC, select the task from the sidebar
  50. # Locate the 'BEFORE TASK RUNS' section.
  51. # Select the script from the location in 3. above
  52.  
  53.  
  54.  
  55. ###################################################
  56. # USER PREFERENCES
  57. ###################################################
  58.  
  59. # path to the home folder on the BACKUP DESTINATION disk, e.g:
  60. BACKUPDISK="/Volumes/MYBACKUP DISK 500GB/Users/phil/MyFolder"
  61.  
  62. # path to the home folder on your internal SOURCE drive
  63. HOMEVOL="/Users/phil/MyFolder"
  64.  
  65. # invent a filename here, it doesn't need to exist initially:
  66. LOGFILE="My Family Stuff"
  67.  
  68. # threshold in percent
  69. Threshold=10
  70.  
  71. ###################################################
  72. # SCRIPT LOGIC
  73. ###################################################
  74.  
  75. LOGPATH="$HOMEVOL"/"$LOGFILE"
  76.  
  77. # get the total file count on the destination
  78. if cd "$BACKUPDISK"; then
  79.         DestHomeFileCount=$(ls -Rl | grep -v ^l | wc -l)
  80.     else
  81.     exit 0
  82. fi
  83.  
  84. # get the total number of changes btw src & dest
  85. SrcDestDiffCount=$(
  86.     diff -rqN "$HOMEVOL" "$BACKUPDISK" | wc -l
  87. )
  88.  
  89. # find the percentage of change
  90. ChangeLimit=$(
  91.     echo $(((DestHomeFileCount / 100) * Threshold))
  92. )
  93.  
  94. # determine if task should run
  95. if ((SrcDestDiffCount < ChangeLimit)); then
  96.         MSG="run"
  97.     else
  98.         MSG="be aborted"
  99.  
  100. fi
  101.  
  102. # log and write to the Canary to update the modification time
  103. printf "\n%s" `date` >> "$LOGPATH"
  104. printf "\nDestination %s has %d files in the canary folder\nThere are %d changes between it and the source %s.\nThe threshold for aborting the backup task is approx %d percent, or %d not more than changes.\nResult: task will %s." "$BACKUPDISK" "$DestHomeFileCount" "$SrcDestDiffCount" "$HOMEVOL" "$Threshold" "$ChangeLimit" "$MSG" >> "$LOGPATH"
  105.  
  106.  
  107. if [ "$MSG" == "be aborted" ]; then
  108.  
  109.         # abort scheduled backup
  110.         /Applications/Carbon\ Copy\ Cloner.app/Contents/MacOS/ccc -x
  111.  
  112. fi
  113.  
  114. exit 0
RAW Paste Data
Ledger Nano X - The secure hardware wallet
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top