LinuxQuestions.org
Old 02-29-2016, 05:40 PM   #1
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu
Posts: 308

Rep: Reputation: 31
Is Linux susceptible to Ransomware?


I understand that there exists a linux version of ransomware.
What protection is the community suggesting?
Matthew
 
Old 02-29-2016, 07:04 PM   #2
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
There is? I remember I heard it was a Windows virus that encrypted a shared drive from Linux, so it really wasn't running on Linux.
 
Old 02-29-2016, 07:37 PM   #3
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu
Posts: 308

Original Poster
Rep: Reputation: 31
Thanks!
That makes more sense to me now.
Matthew
 
Old 02-29-2016, 07:41 PM   #4
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,241

Rep: Reputation: 5322
Quote:
Originally Posted by drmjh View Post
I understand that there exists a linux version of ransomware.
What protection is the community suggesting?
Matthew
The traditional advice is to not give your user account write access to everything. I understand that may not be realistic these days, but it's still the right way to do it.
 
Old 02-29-2016, 09:25 PM   #5
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,345
Blog Entries: 28

Rep: Reputation: 6145
There was an attempt to use ransomware against Linux last year. Its specific target was the Magento e-commerce platform, rather than Linux itself. By all reports it was lame and easily defeated. http://www.zdnet.com/article/how-to-...er-ransomware/

There's also a relatively new exploit that attacks WordPress. The story I read did not go deeply enough to describe how it found entry to a WP instance, but, in the past, most exploits that attack WP do so through dodgy plugins.

http://www.theregister.co.uk/2016/02...king_websites/

Generally, Linux's security model is excellent, but it's not an invisible plastic shield. Regardless of the OS, users must practice safe HEX.
 
1 members found this post helpful.
Old 02-29-2016, 10:29 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,627

Rep: Reputation: 2651
Linux is NOT invincible

and believe it or not but you can also make MS Windows JUST as secure

there are however a lot fewer threats, but they DO exist.

not just the WordPress issue

I will need to find it but I recently (last 2 months or so) read about a version of a cryptolocker-ransomware that WAS working on Linux and on ext3 and 4 partitions

There was ALSO a VERY FUNNY!!!! story about SCRIPT-KIDDIES infecting THEMSELVES with a "LINUX keylogger" that had the source released on an onion site.
-- linked to from 4chan I think

there IS a reason that drives that are auto mounted are READ ONLY to a normal user

if your back-up drive is WRITABLE by a normal user then it COULD get locked up
 
Old 02-29-2016, 10:48 PM   #7
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Quote:
Originally Posted by John VV View Post
and believe it or not but you can also make MS Windows JUST as secure
This, ladies and germs, is BS. MS Windows cannot be secured, too many security holes. When you buy a Windows penetration kit from bad guys it comes with a 6-month warranty. In the unlikely case MS closes the security hole your kit is exploiting, they switch you over to the next vulnerability for free. Unthinkable with any POSIX-compliant system.
 
Old 03-01-2016, 11:44 AM   #8
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
The best defense against ransomware, on any OS, is regular backups, preferably daily. If your business depends on having everything, then you should be doing backups of your data more frequently. Those backups should be going to an external drive at least, if not to cloud or network storage. All you have to do to defeat the ransomware is to reinstall your backup. You may lose some changes, but that's all.
 
Old 03-02-2016, 03:52 AM   #9
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,241

Rep: Reputation: 5322
Quote:
Originally Posted by sgosnell View Post
Those backups should be going to an external drive at least, if not to cloud or network storage.
And if you do back up to cloud or network storage, remember what I said about permissions. It's extremely common to have cloud/network storage mounted with user-write permissions for convenience. Get ransomware on a setup like that, and you'll lose the backups.
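Added example, not part of any post in this thread: a Python check for the setup described in the post above, listing network or cloud mounts that are both mounted read-write and writable by the user running the check. The filesystem-type list, the sample mount table and all function names are assumptions made for illustration.

```python
import os

# Filesystem types often used for network/cloud backup targets (assumed list).
NETWORK_FS = {"nfs", "nfs4", "cifs", "fuse.sshfs", "fuse.rclone"}

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
nas:/export/backup /mnt/backup nfs4 rw,relatime,vers=4.2 0 0
//nas/archive /mnt/archive cifs ro,relatime,uid=1000 0 0
remote:bucket /home/alice/cloud fuse.rclone rw,nosuid,nodev,user_id=1000 0 0
"""

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    # Backslash is decoded last so an escaped backslash is not re-interpreted.
    for code, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, ch)
    return field

def parse_mounts(text):
    """Yield (source, mountpoint, fstype, options) from /proc/mounts text."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield parts[0], unescape(parts[1]), parts[2], set(parts[3].split(","))

def risky_backup_mounts(text, can_write=lambda p: os.access(p, os.W_OK)):
    """Return network mounts that are mounted rw AND writable by the caller."""
    findings = []
    for src, mnt, fstype, opts in parse_mounts(text):
        if fstype in NETWORK_FS and "rw" in opts and can_write(mnt):
            findings.append((mnt, fstype, src))
    return findings

if __name__ == "__main__":
    # On a real system, audit the live mount table instead of the sample.
    with open("/proc/mounts") as fh:
        for mnt, fstype, src in risky_backup_mounts(fh.read()):
            print(f"user-writable network mount: {mnt} ({fstype} from {src})")
```

Run it as the everyday desktop user rather than root, since root passes the write check almost everywhere.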
 
Old 03-04-2016, 09:05 AM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,671
Blog Entries: 4

Rep: Reputation: 3945
One of the reasons why I use OS/X as a host is ... Time Machine. Which comes free with OS/X.

(Some versions of Windows have a comparable utility, but it's really not "comparable" at all ..)

Working quietly in the background, every hour or more-often, TM backs up everything, including e-mails.

I'd be very interested in recommendations for a Linux-based backup daemon that can do equivalent things. I'd happily dedicate a second external hard-drive to backing up several Linux VMs.
 
Old 03-07-2016, 10:54 AM   #11
linuxStudent11
Member
 
Registered: Jun 2007
Posts: 164

Rep: Reputation: 18
What would be the standard Linux defenses/recovery choices?
I would think a properly configured AppArmor/SELinux setup would work well. Has anyone built config packages for either of those specific to ransomware?
Signature detection is always a problem but hitting a violation-count threshold for such a package could work well I would think.
Then there's booting from a rescue thumbdrive to examine logs and kill things and replace with backups.
I'm sure others have better/more ideas.
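Added example, not part of any post in this thread: one way the violation-count threshold idea from the post above could look, counting AppArmor write denials per confined process inside a sliding time window. The log records are constructed, and the threshold, window and function names are assumptions, not an existing package.

```python
import re
from collections import defaultdict, deque

# Fields follow the AppArmor audit record layout: msg=audit(<epoch>:<serial>).
REC = re.compile(r'audit\((?P<ts>\d+\.\d+):\d+\): apparmor="DENIED".*?'
                 r'profile="(?P<profile>[^"]+)".*?pid=(?P<pid>\d+).*?'
                 r'denied_mask="(?P<mask>[^"]+)"')

def _rec(ts, profile, pid, mask):
    # Builds one constructed audit record (sample data, not from a real host).
    return (f'type=AVC msg=audit({ts:.3f}:77): apparmor="DENIED" operation="open" '
            f'profile="{profile}" name="/home/alice/doc.odt" pid={pid} comm="x" '
            f'requested_mask="{mask}" denied_mask="{mask}" fsuid=1000 ouid=1000')

# Constructed sample: a fast write burst, a slow trickle, and read-only denials.
SAMPLE = sorted(
    [_rec(1457366400 + 0.4 * i, "/usr/bin/viewer", 4242, "wc") for i in range(6)]
    + [_rec(1457366400 + 30 * i, "/usr/sbin/cupsd", 900, "w") for i in range(6)]
    + [_rec(1457366401 + i, "/usr/bin/viewer", 4300, "r") for i in range(8)],
    key=lambda line: float(REC.search(line)["ts"]))

def burst_alerts(lines, threshold=5, window=10.0):
    """Return (profile, pid, count) for each confined process that reached
    `threshold` write denials within `window` seconds (reported once)."""
    recent = defaultdict(deque)      # (profile, pid) -> recent denial times
    alerted, alerts = set(), []
    for line in lines:
        m = REC.search(line)
        if not m or "w" not in m["mask"]:
            continue                 # not a denial, or no write was denied
        key, ts = (m["profile"], int(m["pid"])), float(m["ts"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()              # drop denials older than the window
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((key[0], key[1], len(q)))
    return alerts

if __name__ == "__main__":
    for profile, pid, count in burst_alerts(SAMPLE):
        print(f"{count} write denials in 10s: profile={profile} pid={pid}")
```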
 
Old 03-07-2016, 11:15 AM   #12
ugjka
Member
 
Registered: May 2015
Location: Latvia
Distribution: Arch, Centos
Posts: 368
Blog Entries: 5

Rep: Reputation: 264
Quote:
Originally Posted by linuxStudent11 View Post
What would be the standard linux defenses choices?
Don't run dodgy scripts?
 
Old 03-07-2016, 03:57 PM   #13
linuxStudent11
Member
 
Registered: Jun 2007
Posts: 164

Rep: Reputation: 18
...most of the bash scripts I write are "dodgy" :P
But thanks.
 
Old 03-08-2016, 02:37 PM   #14
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: Slackware®
Posts: 13,925
Blog Entries: 44

Rep: Reputation: 3159
Moderator response

Moved: This thread is more suitable in <Linux - Security> and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 03-08-2016, 03:39 PM   #15
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Any OS is only as Secure as the nut behind the keyboard.
 
1 members found this post helpful.
  


All times are GMT -5.