Ransomware dangers increasing

For discussions about security.
Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

#21 Post by Moose On The Loose »

A few thoughts:

1) A machine in virtual box can be backed up easily by the host.

2) The encryption is usually done by a Windows virus.

3) Anything you store "on the cloud" can be lost if you get the virus, the hosting outfit gets the virus or if someone else with access to your cloud account gets the virus. This includes Putin and the NSA.

4) I don't think "fly paper" will work well on these criminals because they are not actually after your data.

5) Spain just arrested a major internet criminal at the FBI's request. One scammer down, only about 7 Zillion more to go. It may, however, make the criminals want not to get noticed for a while.

6) If your data is in some company's proprietary format that only their software can work with, you are a victim of ransomware already. You have to pay them to use their software or your data is not accessible.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#22 Post by musher0 »

Moose On The Loose wrote:A few thoughts:(...)
3) Anything you store "on the cloud" can be lost if you get the virus, the
hosting outfit gets the virus or if someone else with access to your cloud
account gets the virus. This includes Putin and the NSA(...)
Hi, Moose On The Loose.

Hmm... I think you forgot to add an :lol: to that one!

Here's an idea inspired by your #3 :

:lol: We deliberately store something with a ransomware virus in The
Cloud. We tell the NSA or the CCSE (Canadian Communications Security
Establishment; Canadian equivalent of NSA) or whatever your national
electronics spying agency is to come and get it. And we give them the
key only when they pay up! :lol:

(Nah. That's wishful thinking! But it's a fun thought!)

BFN.

~~~~~~~~~
Note to Sergeant Preston of the RCMP, Yukon Division:
In case you didn't get it, the above is a joke ! :D
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#23 Post by rufwoof »

I have that aufs overlaid docs system up and running now. Appears to be working well. I've also dropped evolution into that (mail, calendar, events, memos ...etc).

One downside is if you apply a change to all files command, such as chgrp user * ... as all files in the docs.sfs are then replicated into the changes folder ... which can take a while if your docs folder content is large. But for more common usage - single files at a time - it works fine.

The code I have in a script that runs at startup is ...

# if frugally booted then aufs mount our docs sfs
if [ -d /lib/live/mount/persistence/sda1/live/DOCS-aufs ]; then
  cd /lib/live/mount/persistence/sda1/live/DOCS-aufs
  # -p: no error if the directories already exist from an earlier boot
  mkdir -p docssfsmntpoint doc-changes DOCS-LAYERED
  # read-only loop mount of the compressed docs image
  mount -o ro,loop docs.sfs docssfsmntpoint
  # union mount: writes land in doc-changes, docs.sfs stays untouched
  mount -t aufs -o br:doc-changes=rw,br:docssfsmntpoint=ro none DOCS-LAYERED
fi

and where I have DOCS-LAYERED sym linked into my HOME folder (and where evolution folder is a sym link into a folder within that).

As the main filesystem is compressed (SFS) and now most of the doc files are also compressed (docs.sfs), makes using mksquashfs backups a lot quicker as you can use no compression (mksquashfs /mnt/sda1 backupxxx.sfs -noX -noI -noD -noF) that runs through in around a minute in my case to backup or restore (unsquashfs -f -d /mnt/sda1 backupxxx.sfs)

Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

#24 Post by Moose On The Loose »

musher0 wrote:
Moose On The Loose wrote:A few thoughts:(...)
3) Anything you store "on the cloud" can be lost if you get the virus, the
hosting outfit gets the virus or if someone else with access to your cloud
account gets the virus. This includes Putin and the NSA(...)
Hi, Moose On The Loose.

Hmm... I think you forgot to add an :lol: to that one!
I always figure that a joke that needs to be pointed out isn't funny enough.

I have heard of companies only discovering that they can't restore from the backups they have been faithfully making after the data is lost. A file server based on a layered file system could be made so that the backup is always there as a read only. This would make it a lot harder for the ransom virus to destroy the data. I worry more about lost data than stolen data on most things. There is some data that I worry a lot about the theft of but that isn't on this computer.

Here's an idea inspired by your #3 :

:lol: We deliberately store something with a ransomware virus in The
Cloud. We tell the NSA or the CCSE (Canadian Communications Security
Establishment; Canadian equivalent of NSA) or whatever your national
electronics spying agency is to come and get it. And we give them the
key only when they pay up! :lol:

(Nah. That's wishful thinking! But it's a fun thought!)
Your idea may actually work if instead of telling the NSA to come get it, you commented that there was no way the NSA would ever get that data in some public places.
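
An added example (not code from any poster in this thread) of a check on the layered setup in #23 and the read-only-backup idea in #24: it measures how much of the read-only layer has been overwritten or deleted through the writable aufs branch, since a mass rewrite shows up there while docs.sfs itself stays intact. The paths passed in, the 30% threshold and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths passed in are assumptions:
#   $1 = mount point of the read-only docs.sfs, $2 = writable branch.

# Print the percentage of files in the read-only layer that have a
# copy-up (same relative path) or an aufs whiteout (.wh.<name>, left
# when a file is deleted) in the writable branch.
touched_percent() {
    ro=$1; rw=$2; total=0; touched=0
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        total=$((total + 1))
        dir=$(dirname "$rel"); base=$(basename "$rel")
        if [ -f "$rw/$rel" ] || [ -e "$rw/$dir/.wh.$base" ]; then
            touched=$((touched + 1))
        fi
    done <<EOF
$(cd "$ro" && find . -type f)
EOF
    if [ "$total" -eq 0 ]; then echo 0; else echo $((touched * 100 / total)); fi
}

# Return 1 and warn when more than $3 percent (default 30, an assumed
# threshold to tune) of the read-only layer has been touched.
check_changes() {
    pct=$(touched_percent "$1" "$2")
    if [ "$pct" -gt "${3:-30}" ]; then
        echo "ALERT: ${pct}% of files in $1 changed or deleted via $2" >&2
        return 1
    fi
    echo "ok: ${pct}% touched"
}

# Constructed sample: four documents in the read-only layer, one edited.
build_demo() {
    mkdir -p "$1/ro/letters" "$1/rw/letters"
    for f in a.odt b.odt letters/c.odt letters/d.odt; do
        echo "original" > "$1/ro/$f"
    done
    echo "edited" > "$1/rw/a.odt"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); build_demo "$d"
    check_changes "$d/ro" "$d/rw"
    rm -rf "$d"
fi
```

If the check fires, the originals are still in docs.sfs; the writable branch can be set aside for inspection and a fresh empty one mounted in its place.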

purple379
Posts: 157
Joined: Sat 04 Oct 2014, 22:23

If you get Ransom ware

#25 Post by purple379 »

If you get RansomWare, my first comment is not to throw away, or format over the drive.

My reasoning being that some companies have found ways to decrypt some of these RansomWare Encrypted drives for Windows, like Eset has a number of programs for older Ransom encrypted models.

Even if those who do RansomWare have a new encryption model, likely in the near future you may be able to get a free decryption program.

From what I have read about RansomWare, it can expand to other drives, cloud, backups on a system. Treat the infected drive like it has Ebola.

BackUp software tends to fail when you really need it. Which is no excuse for not trying to back up, but think about how you are doing the backup, and the consequences of how a hiccup might make it impossible to do a back up.

I would prefer to do complete clones of things I want to keep, but that is too expensive. Never trust the helpful back up programs supplied by - say computer manufacturers (OK, that was Windows.) One never is told the consequences of one option over another option. Just you found out it did not work when you needed it.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#26 Post by greengeek »

Here is another article about a specific variant of ransomware which seems to be wrapped in both Word format and PDF format:
https://nakedsecurity.sophos.com/2017/0 ... side-a-pdf

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#27 Post by d4p »

