Linux - Security
This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I understand that there exists a Linux version of ransomware.
What protection is the community suggesting?
Matthew
The traditional advice is to not give your user account write access to everything. I understand that may not be realistic these days, but it's still the right way to do it.
There was an attempt to use ransomware against Linux last year. Its specific target was the Magento e-commerce platform, rather than Linux itself. By all reports it was lame and easily defeated. http://www.zdnet.com/article/how-to-...er-ransomware/
There's also a relatively new exploit that attacks WordPress. The story I read did not go deeply enough to describe how it found entry to a WP instance, but, in the past, most exploits that attack WP do so through dodgy plugins.
And believe it or not, but you can also make MS Windows JUST as secure.
There are however a lot fewer threats, but they DO exist.
Not just the WordPress issue.
I will need to find it but I recently (last 2 months or so) read about a version of a cryptolocker-ransomware that WAS working on Linux and on ext3 and 4 partitions.
There was ALSO a VERY FUNNY!!!! story about SCRIPT-KIDDIES infecting THEMSELVES with a "LINUX keylogger" that had the source released on an onion site.
-- linked to from 4chan I think
There IS a reason that drives that are auto mounted are READ ONLY to a normal user.
If your backup drive is WRITABLE by a normal user then it COULD get locked up.
And believe it or not, but you can also make MS Windows JUST as secure.
This, ladies and germs, is BS. MS Windows cannot be secured, too many security holes. When you buy a Windows penetration kit from bad guys it comes with a 6-month warranty. In the unlikely case MS closes the security hole your kit is exploiting, they switch you over to the next vulnerability for free. Unthinkable with any POSIX-compliant system.
The best defense against ransomware, on any OS, is regular backups, preferably daily. If your business depends on having everything, then you should be doing backups of your data more frequently. Those backups should be going to an external drive at least, if not to cloud or network storage. All you have to do to defeat the ransomware is to reinstall your backup. You may lose some changes, but that's all.
Those backups should be going to an external drive at least, if not to cloud or network storage.
And if you do back up to cloud or network storage, remember what I said about permissions. It's extremely common to have cloud/network storage mounted with user-write permissions for convenience. Get ransomware on a setup like that, and you'll lose the backups.
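Added example (not code from anyone in this thread): a small shell script that contrasts the convenient setup the posts above warn about, one writable mirror that the user's own account can reach, with dated snapshots, and shows which of the two still holds a good copy after an encryptor has run through the home directory. Everything in it is made up for the demo: the paths, the file, the snapshot names, and the "ransomware", which is a rot13 substitution so the run is reversible and obviously not real crypto. It assumes only POSIX sh plus cp -pR, find, tr and mktemp.

```shell
#!/bin/sh
# Added example, not code from the thread.  Compares a single writable mirror
# with dated snapshots after a simulated encryptor rewrites the user's files.
# Assumptions: POSIX sh, cp -pR, find, tr, mktemp.  All paths are hypothetical
# and the "ransomware" is rot13, so the demo is reversible and not real crypto.
set -eu

# mirror_sync SRC MIRROR: one copy, overwritten on every run.  If the user's
# account can write here (a mounted share, a USB disk), so can malware running
# as that user, and the next sync replaces the good files with encrypted ones.
mirror_sync() {
    mkdir -p "$2"
    cp -pR "$1/." "$2/"
}

# take_snapshot SRC ROOT NAME: a fresh directory ROOT/NAME per run.  The
# client user should have no write access to ROOT at all; in practice the
# backup host pulls from the client under its own account, so the client holds
# no credentials that could reach earlier snapshots.
take_snapshot() {
    mkdir -p "$2"
    cp -pR "$1" "$2/$3"
    chmod -R a-w "$2/$3"   # guards against accidents only; root ignores mode bits
}

# restore_file SNAPSHOT RELPATH DEST: copy one file back out of a snapshot.
restore_file() {
    cp -p "$1/$2" "$3"
}

# simulate_ransomware DIR: stand-in for an encryptor that rewrites every
# regular file under DIR in place (rot13, see above).
simulate_ransomware() {
    find "$1" -type f ! -name '*.tmp' | while IFS= read -r f; do
        tr 'A-Za-z' 'N-ZA-Mn-za-m' < "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# run_demo WORKDIR: build the scenario under WORKDIR and print what each copy
# holds afterwards.  The caller can inspect WORKDIR when it returns.
run_demo() {
    w=$1
    mkdir -p "$w/home/data"
    printf 'quarterly figures\n' > "$w/home/data/report.txt"

    mirror_sync   "$w/home/data" "$w/mirror"
    take_snapshot "$w/home/data" "$w/snapshots" 2016-01-01

    simulate_ransomware "$w/home/data"           # the user's files are now junk

    mirror_sync   "$w/home/data" "$w/mirror"     # ... and so is the mirror
    take_snapshot "$w/home/data" "$w/snapshots" 2016-01-02

    printf 'mirror now holds:          %s\n' "$(cat "$w/mirror/report.txt")"
    printf 'snapshot 2016-01-01 holds: %s\n' "$(cat "$w/snapshots/2016-01-01/report.txt")"

    restore_file "$w/snapshots/2016-01-01" report.txt "$w/home/data/report.txt"
    printf 'after restore:             %s\n' "$(cat "$w/home/data/report.txt")"
}

# Stand-alone run (commented out so the functions can be sourced):
# run_demo "$(mktemp -d)"
```

The mirror and the newest snapshot both end up holding the rot13 junk; only the older snapshot still has the original, which is the "you may lose some changes, but that's all" outcome. The two things that make it work are the ones the thread keeps coming back to: a new directory per run instead of one that gets overwritten, and a destination the compromised account cannot write to. Hard-linked dated directories of this kind are what rsnapshot-style tools automate; the cp -pR here is only to keep the demo dependency-free.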
One of the reasons why I use OS/X as a host is ... Time Machine. Which comes free with OS/X.
(Some versions of Windows have a comparable utility, but it's really not "comparable" at all ..)
Working quietly in the background, every hour or more often, TM backs up everything, including e-mails.
I'd be very interested in recommendations for a Linux based backup daemon that can do equivalent things. I'd happily dedicate a second external hard-drive to backing up several Linux VM's.
What would be the standard linux defenses/recovery choices?
I would think a properly configured AppArmor/SELinux setup would work well. Has anyone built config packages for either of those specific to ransomware?
Signature detection is always a problem but hitting a violation-count threshold for such a package could work well I would think.
Then there's booting from a rescue thumbdrive to examine logs and kill things and replace with backups.
I'm sure others have better/more ideas.
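Added example (not from the post above or from any AppArmor/SELinux project): a shell function that implements the "violation-count threshold" idea by counting denied write attempts per confined subject in an audit log and reporting the subjects over a limit. The line formats are the ones AppArmor (apparmor="DENIED" ... denied_mask=) and SELinux (avc: denied { write } ... scontext=) emit through auditd; the log contents, the profile and file names, and the threshold are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread.  Counts denied write attempts per
# confined subject in an audit log and reports those over a threshold.
# Assumptions: POSIX sh, awk, sort, mktemp.  The log lines below are
# constructed for the demo; the formats are AppArmor's and SELinux's.
set -eu

# write_sample_log FILE: constructed audit lines -- one AppArmor read denial,
# six AppArmor write denials from one profile hitting many files (the pattern
# an encryptor leaves), two SELinux write denials and one SELinux read denial.
write_sample_log() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1452000001.101:1001): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/cups/ppd/x.ppd" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1452000002.201:1002): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/alice/docs/a.txt" pid=4242 comm="evince" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1452000002.202:1003): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/alice/docs/b.txt" pid=4242 comm="evince" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1452000002.203:1004): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/alice/docs/c.txt" pid=4242 comm="evince" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1452000002.204:1005): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/alice/docs/d.txt" pid=4242 comm="evince" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1452000002.205:1006): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/alice/docs/e.txt" pid=4242 comm="evince" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1452000002.206:1007): apparmor="DENIED" operation="rename" profile="/usr/bin/evince" name="/home/alice/docs/f.txt" pid=4242 comm="evince" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
type=AVC msg=audit(1452000003.301:1008): avc:  denied  { write } for  pid=3131 comm="httpd" name="index.html" dev="sda1" ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452000003.302:1009): avc:  denied  { write } for  pid=3131 comm="httpd" name="about.html" dev="sda1" ino=1202 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452000003.303:1010): avc:  denied  { read } for  pid=3131 comm="httpd" name="shadow" dev="sda1" ino=1203 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
EOF
}

# flag_noisy_subjects THRESHOLD LOGFILE
# Prints "<lsm>:<subject> <count>" for every subject with more than THRESHOLD
# denied write attempts.  AppArmor subjects are keyed by profile, SELinux
# subjects by source context.  Read denials are ignored: the signal we want is
# a confined program trying to write to many files it has no business touching.
flag_noisy_subjects() {
    awk -v limit="$1" '
        /apparmor="DENIED"/ && /denied_mask="[^"]*w/ {
            if (match($0, /profile="[^"]*"/)) {
                subj = substr($0, RSTART + 9, RLENGTH - 10)
                n["apparmor:" subj]++
            }
        }
        /avc: +denied +[{][^}]*write/ {
            if (match($0, /scontext=[^ ]*/)) {
                subj = substr($0, RSTART + 9, RLENGTH - 9)
                n["selinux:" subj]++
            }
        }
        END { for (k in n) if (n[k] > limit) print k, n[k] }
    ' "$2" | sort
}

# Stand-alone run (commented out so the functions can be sourced):
# log=$(mktemp); write_sample_log "$log"; flag_noisy_subjects 3 "$log"
```

With a threshold of 3 only the evince profile is reported (6 denied writes); httpd's 2 stay under the limit and the read denials never count. Two caveats before wiring something like this into an alert: a real detector should count within a time window, since a ransomware burst is seconds, not days, and it only fires at all if the profile or policy actually denies writes to the user's document directories, which stock profiles for a viewer or browser generally do not cover. The count is a trigger for a human or a kill switch, not a substitute for the backups discussed above.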