We kinda have a big bad bogeyman floating around the internet called 'cryptoware'.
We have adopted the 'it's not IF we get hit but WHEN' approach and are currently looking at pre-emptive damage control through decreasing detection times, restricting file access more tightly and backups.
Has anyone else put some thought into this? Whilst the SLES servers themselves are (probably) immune, the NSS data on them is not.
I'm currently looking at whether I can do something with monitoring file creation/changes and how big of a performance hit that will be.
This is a bit of new terrain and we are assuming an up-to-date virus scanner will not detect the malware before it is too late (it is highly 0 hour).
Currently the FAM daemon has my attention but I've not been able to put any time into it as of yet.