Rclone Wars (extortion attacks)

So this is a thing now

It's from a blog post about extortion being used as an attack instead of ransomware, and by detecting & blocking common programs used in those attacks (Rclone being one of them) will help defend against it.

1 Like

The authors do point out the Rclone project is constantly being updated with new functionality, and praise rclone's versatility!

1 Like

The headline graphic is great and I particularly like the suggestion to monitor for such distinctive strings as remote: and //.


i thought just the opposite, that their suggestions were lame.

We’ve had success looking for command lines including ....-multi-thread-streams and copy

1 Like

They all work really well if you know nothing about rclone!

I'm more accustomed to looking for @ncw references to Hitchhikers Guide to the Galaxy, but the Star Wars stuff is amusing too. :smiley:


PS Been horrid busy with horrid stuff but felt I should break out to update for latest version and then Rclone Wars hit the search engine indices!

I really like the rclone selfupdate and reference to EU funding for vendor-neutral academic use of cloud storage.

All best.


yeah, I was wondering where you have been.



  • This work was sponsored by CERN, through the CS3MESH4EOSC Project.
  • CS3MESH4EOSC has received funding from the European Union’s Horizon 2020
  • research and innovation programme under Grant Agreement no. 863353.

Yes, sorry that wasn't clear, but it turns into a great message.

yes, that is great

1 Like