One of our loyal readers, Gebhard, pointed out a nice post (in German) on how to slow down Locky if you are using a Samba server for filesharing in your environment.  The technique takes advantage of fail2ban and some additional Samba logging to keep Locky from encrypting all the files on the share.  It is worth a look.  Thanx, Gebhard, for sharing.

References:

[de]: http://heise.de/-3120956
[en]: https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fheise.de%2F-3120956&edit-text=

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu