Whew, I guess I'm ok then. I'm sitting IN FRONT of the keyboard.

BTW: Does anyone know if chkrootkit or rkhunter or debcheckroot or ... can detect any of the popular ransomeware (probably never been on linux but these are likely to run on OSx)?
And since ransomware is almost certainly user-space, what about configuring tripwire to check userspace?
It seems like a good idea to think about this since the latest ransomware sits around for 2-3 days before it starts encrypting user files. Maybe its really vulnerable at that point?

I do find it interesting that the ransomware almost-certainly must have been signed by a developer key. It suggests an inside job.

pebkac

dd ?
(i guess rsync is usually recommended for incremental backups but i never had the need and therefore no experience with it).

Rsync running through a cronjob should certainly be able to do the backups. That's what it's designed for.

Wrt defense please note the infection vectors mentioned are just that: exploit any flaw, elevate privileges, do stuff. And the fact that linux.encoder.1 currently is easily defeated also is no reason to postpone getting that security posture up to spec. As far as I'm concerned all common security best practices (install and expose only what is required, proper hardening and auditing, regular updates and backups etc, etc) still apply. Do note unattended, automated backups without restore testing or content checking may prove to be interesting because for the backup software itself there's no valid reason not to back up an already ransomware-encrypted file system ;-p

Out of the box, that may be true, but with the right packages added to a Windows system, it can be secured to a fair reasonable level.

- Finely tuned permission levels for software and hardware can limit exposure to malware. Example: Limiting USB drive access, or access to optical or flash drives in the system.
- Properly updated systems reduce security holes as do tested antimalware tools. Example: Using MalwareBytes Pro in conjunction with Sophos Internet Security.
- Blocking bad IP addresses in the HOSTS can reduce instances of exposure. Example: Running Spybot Search and Destroy's Immunization tool can tune up security and create a huge block list in HOSTS.
- Using well tuned and properly configured Stareful Packet Filtering Firewalls in both hardware and software can reduce threats as well as using software to warn of attacks on the system and network.

GNU/Linux equally has to be properly secured by the system administrator as well. No operating system is going to be 100% fail safe. Apple claimed this with OSX/Darwin, and it got very devastating malware. Now OSX has several malware detection and elimination tools to keep the system safe. Linux systems can get malware, but because no two distributions are exactly alike, attacking every system equally is impossible.

Another possibility is what happened to Ian Murdock. When he was "clubbed to death", the PD got control of his laptop. The FBI showed up later on ulterior motives.
Sorry for the conspiracy theories here, but does the SFPD now have his keys? Does this imply the FBI has his keys?
And by the same argument, did someone else get Apple keys from a traffic stop, drug deal, vindictive girl friend, etc. etc.? And if you're talking about transmission bittorent developers, same logic.
Old adage: No man is an island.

1 members found this post helpful.