RE: Ransomware -- MIDRANGE-L

Jim,

Using Halcyon monitor, I have a job log monitor setup for this.
I get an email anytime a user with a mapped drive to IFS connects.

PENCOR05 Servicing user profile PAULS from client 10.5.65.175. Netserver User connecting

QZLSFILE *ALL *ALL *ALL CPIAD12

Rule group . . . . . . . . NETSERVER
Rule number . . . . . . . . 10 Netsever Users Connecting
Job name . . . . . . . . . S QZLSFILE

User name . . . . . . . . . *ALL
Subsystem . . . . . . . . . *ALL
Job type . . . . . . . . . *ALL
Message IDs . . . . . . . . CPIAD12

Message file . . . . . . . QCPFMSG
Library . . . . . . . . . QSYS
ASP group . . . . . . . *SYSBAS
Message type . . . . . . . *ALL
Message severity . . . . . *ALL
To program . . . . . . . . *ALL More...

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of midrange
Sent: Tuesday, June 27, 2017 9:23 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Ransomware

Is there a way to see which pc clients have an actual map drive on their pc that is connecting at log on? Any security log when the connection is made or when used..
We have some *public authorized areas in the ifs and lots of users - would like not to take a sledge hammer to it by cutting them all off and see who screams..
Some of these users and their connections go back a decade or more (thru many releases).
V7R1
Jim

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Christopher Bipes
Sent: Tuesday, June 27, 2017 5:42 PM
To: Midrange Systems Technical Discussion
Subject: RE: Ransomware

The virus will not run on the iSeries but it can encrypt a share or mapped drive to a share from an infected windows PC. Make sure you backup are good and users only have the permission they need to any Netserver shares you have defined to restrict the damage that can be done by in infected windows machine.

Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Raul A Jager W
Sent: Tuesday, June 27, 2017 2:37 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Ransomware

Should we be concerned about Petya?

Not sharing the root directory is safe enough?

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD