
posted by martyb on Thursday October 29 2015, @10:41AM
from the backups-just-do-it dept.

There is a particularly devious type of malicious software that locks users out of their own computer systems until an individual agrees to pay a ransom to the hackers. In these cases, the FBI has surprisingly suggested just ponying up the dough.

It's not the type of advice one would typically expect from the FBI, but that's exactly what was recommended by Joseph Bonavolonta, the assistant special agent in charge of the FBI's CYBER and Counterintelligence Program Boston office.

"The ransomware is that good," said Bonavolonta at the 2015 Cyber Security Summit in Boston, as quoted by Security Ledger. "To be honest, we often advise people just to pay the ransom."

https://www.rt.com/usa/319913-fbi-pay-ransomware-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=RSS

Yeah, it's RT, but I did a search, and that or similar headlines popped up on dozens of news sites. I clicked a couple of them, and the stories match. Try this one,
https://thehackernews.com/2015/10/fbi-ransomware-malware.html

Personally, I can almost certainly afford to nuke and reinstall, unless they get my RAID array. Then - I'd have to think hard.


  • (Score: 2) by skater on Thursday October 29 2015, @01:32PM

    by skater (4342) on Thursday October 29 2015, @01:32PM (#256000) Journal

    I have a server with our 'media' files on it, primarily our photographs, and we'd hate to lose it. I do multiple backups, online backups, etc., but I'd like to limit damage to the media drive as much as possible. I don't worry about any of the computers themselves - they can all be reinstalled or whatever; nothing critical is stored on them (at least, I hope that's what my wife is doing...). I'm mainly concerned about that media drive, which I do have set up for network access.

    One thing I do is set all of the photographs to read-only access. I do this mainly to reduce the chance of an accidental erasure/edit, but would it also help protect against these kinds of attacks? If so, there are huge swaths of that drive I could make read-only; it's rare that we need to edit a file after we've put it in its spot. Are there other things we can do, aside from backups?

  • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @01:49PM

    by Anonymous Coward on Thursday October 29 2015, @01:49PM (#256009)

    I back up to a 2Gb USB hard drive that stays disconnected when done. Plus... I use Linux.

  • (Score: 2) by mmcmonster on Thursday October 29 2015, @02:14PM

    by mmcmonster (401) on Thursday October 29 2015, @02:14PM (#256027)

    A smart ransomware would try to change the write permission on any file you own on the drive. And they are all very, very smart.

    Best thing is off-line backups. But you have to be careful even with offline backups. The last thing you want is to overwrite an offline backup with a version which is encrypted by the ransomware.

    Probably offline backups with version control? Something like Apple Time Machine?

    • (Score: 1, Informative) by Anonymous Coward on Thursday October 29 2015, @04:06PM

      by Anonymous Coward on Thursday October 29 2015, @04:06PM (#256080)

      Back up to non-rewriteable optical media.

    • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @11:14PM

      by Anonymous Coward on Thursday October 29 2015, @11:14PM (#256263)

      1. Share all your user folders on your home network such that they are read-only to a non-you user.
      2. Get a raspberry pi and attach a usb drive to it.
      3. Have it scan your user folders for changes.
      4. Save the differences as necessary.
      5. For additional safety, turn off the raspberry pi when not backing up, or set it to shutdown automatically when done.
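The pull-based, versioned backup sketched in the five steps above, together with the trap mmcmonster describes (overwriting the only good copy with a version the ransomware already encrypted), as an added Python example. It is not code from any commenter. It assumes the backup host mounts the user's folders read-only and pulls from them, keeps every changed file under a fresh `versions/<n>_<timestamp>/` directory and never deletes earlier versions, and refuses a run in which most previously indexed files were modified or vanished and the replacements look like ciphertext. The file names, thresholds and the random-bytes stand-in for encrypted output in `demo()` are constructed.

```python
"""Pull-based, versioned backup with a mass-change guard (added example)."""
import hashlib
import json
import math
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def entropy_bits_per_byte(path, sample=1 << 16):
    """Shannon entropy of the first `sample` bytes; ciphertext sits near 8.0, text far lower."""
    data = Path(path).read_bytes()[:sample]
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan(src):
    """Relative path -> sha256 for every regular file under src."""
    return {p.relative_to(src).as_posix(): sha256_of(p)
            for p in sorted(Path(src).rglob("*")) if p.is_file()}


def pull_backup(src, dest, max_touched_fraction=0.25, entropy_threshold=7.0):
    """Copy new/modified files into a new version directory, unless the run looks like mass encryption."""
    src, dest = Path(src), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    index_file = dest / "index.json"
    previous = json.loads(index_file.read_text()) if index_file.exists() else {}
    current = scan(src)
    # files we have not stored under this digest yet: new or modified
    to_save = [rel for rel, d in current.items() if previous.get(rel) != d]
    # previously indexed files that were modified or disappeared (in-place encryption or rename)
    touched = [rel for rel, d in previous.items() if current.get(rel) != d]
    report = {"files": len(current), "to_save": len(to_save),
              "touched": len(touched), "saved": 0, "quarantined": False}
    if previous and touched:
        fraction = len(touched) / len(previous)
        suspicious = sum(1 for rel in to_save
                         if entropy_bits_per_byte(src / rel) >= entropy_threshold)
        if fraction > max_touched_fraction and suspicious * 2 >= max(len(to_save), 1):
            # Most of the archive changed and the new content looks like ciphertext:
            # keep the old versions and the old index untouched, let a human decide.
            report["quarantined"] = True
            return report
    versions = dest / "versions"
    versions.mkdir(exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    version_dir = versions / f"{len(list(versions.iterdir())) + 1:04d}_{stamp}"
    for rel in to_save:
        target = version_dir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)  # earlier versions of rel stay in their own directories
        report["saved"] += 1
    index_file.write_text(json.dumps(current, indent=1, sort_keys=True))
    return report


def demo():
    """Constructed scenario: two normal runs, then a simulated mass overwrite of the source."""
    root = Path(tempfile.mkdtemp())
    src, dest = root / "media", root / "backup"
    src.mkdir()
    for i in range(10):
        (src / f"photo{i}.txt").write_text(f"holiday photo {i} caption\n" * 40)
    first = pull_backup(src, dest)                # initial full copy
    (src / "photo0.txt").write_text("retitled caption\n" * 40)
    second = pull_backup(src, dest)               # one edited file -> one more version directory
    for i in range(2, 10):                        # stand-in for ransomware: random bytes over 8 of 10 files
        (src / f"photo{i}.txt").write_bytes(os.urandom(4096))
    third = pull_backup(src, dest)                # guard refuses; earlier versions are untouched
    kept = sorted(p.name for p in (dest / "versions").iterdir())
    return first, second, third, kept


if __name__ == "__main__":
    for r in demo():
        print(r)
```

A quarantined run means "stop and look", not "data lost": the previous versions and index are exactly as they were, and a legitimate mass change (say, moving a whole folder of photos) is cleared by a human rerunning with a higher threshold. The fraction is computed only over files already in the index, so a large import of new photos, which are high-entropy too, does not trip the guard.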

  • (Score: 2) by martyb on Thursday October 29 2015, @02:28PM

    by martyb (76) Subscriber Badge on Thursday October 29 2015, @02:28PM (#256034) Journal

    It's unclear to me what operating system you are using. That said, the same general approach should apply.

    Define multiple users on your system. One (or more — in case you somehow lock yourself out of that account) of which has write access, and all the rest have read-only access. For watching videos or viewing pictures, only access the files with a read-only-access user. When inserting new files, use the user account that has the write access. You can accomplish this with ACLs (Access Control Lists). Here's a link for a windows environment [stackoverflow.com] — a similar approach can be used for *nix-like OSs with world/group/user level permissions.

    --
    Wit is intellect, dancing.
  • (Score: 4, Informative) by VanderDecken on Thursday October 29 2015, @02:39PM

    by VanderDecken (5216) on Thursday October 29 2015, @02:39PM (#256041)

    One option you have is to use a NAS server that allows for automated filesystem snapshots, such as FreeNAS [freenas.org] with ZFS. If you get hit by it, you roll back to a known good copy. You should still have offline backups, but having automated snapshots can minimize the damage and downtime.

    I know of a company where an admin assistant got hit by one of those malwares, where it (as usual) started by encrypting what it could find on network drives. When people realized that something was wrong (the encryption was still in progress, but it hit a file that someone else was looking at), she killed the power on her workstation. They burned her machine to the ground (ie: reimaged it) and restored the network filesystems from the last good snapshot. Not more than 30 minutes' worth of data was lost, and everyone else was up and running in less than an hour. (Her machine took a bit longer for the reimage, but no data was lost there because nothing of consequence is kept on the workstations.) They were using a different ZFS-based NAS solution, but the same idea applies.

    --
    The two most common elements in the universe are hydrogen and stupidity.
    • (Score: 2) by Hyperturtle on Friday October 30 2015, @01:55AM

      by Hyperturtle (2824) on Friday October 30 2015, @01:55AM (#256312)

      I am not sure what you are saying. Are you saying that because a file was in use and someone noticed something was wrong and they killed power to her workstation, and as such it prevented her machine from eventually reaching the NAS? You said "started encrypting what it could on the network drives" and then "restored the network filesystems". I do not understand the difference between these two things. I do understand the difference between a SAN and NAS, but you said NAS, so that to me is "file share on the network", no different than any other mapped drive.

      What kind of NAS protects against this if her machine had write access to it for the image to be stored? Did the NAS itself actually consist of a backup server of some kind, that then pulled data with a different account that was unrelated in any way to hers, so that if a virus like this hit it, it would not have access to it because it didn't have an account with permissions to exploit with since it couldn't use hers?

      RAID is not backup. NAS is not backup. NAS is just a file share on the network that might be a single SD card, a USB stick, a disk drive, or a fancy case with multiple drives running some sort of OS to manage it that... serves files and has file system access, like a vulnerable windows share or linux share. NAS is often just "non-microsoft tax file share for network accessible storage".

      Having file storage on the network and calling it NAS instead of "Not even a raid" or "yeah it's a raid but" still is not a backup, and if the user can write to it, then so can the virus.

      But I agree that offline backups are the best type.

      I do realize that you said this was a company you knew (FoAF in other words), so you may not have much detail, but you had enough detail to describe it as NAS with a ZFS file system. What I am getting at is that if a user can access it to write to it, it could be pencil and paper and they can still spill ink on it. The paper and pencil have nothing to do with the user managing to screw it up.

      Sorry if I come across as harsh, but I have known clever people to defeat safeguards in products to make things more convenient and easy and then still repeat the claims on the tin even though the tin has something else in it.

      • (Score: 2) by VanderDecken on Friday October 30 2015, @06:44AM

        by VanderDecken (5216) on Friday October 30 2015, @06:44AM (#256359)

        Ok, let me try this again.

        If it's providing a network filesystem, I'm calling it a NAS. If it's providing a block device over the network, I'm calling it a SAN. Terms can get muddy, especially when marketing steps in, but let's go with those definitions. (In reality, most modern boxes can provide either. Whether it's ethernet, fibrechannel, or whatever doesn't matter at a high level.)

        In this case, the server was exporting a CIFS share backed by a ZFS filesystem, and ZFS was set to take automatic snapshots every 5 minutes or so. From the client machine perspective, yes it looks like a disk. When the malware hit, it was in the process of encrypting those portions of the CIFS share accessible to the admin assistant. The fact that someone else noticed the problem before the malware was done is irrelevant; it could have finished encrypting the whole thing and it wouldn't have mattered.

        So the recovery procedure was:

        1. Shut down the workstation
        2. Shut down the CIFS share
        3. Revert network storage to the latest snapshot that wasn't encrypted (this is provided natively by ZFS; it is not restoring from traditional backups)
        4. Reenable the CIFS share (everyone else is up and running at this point), and
        5. Reimage the infected workstation

        No, a NAS by itself is not a backup, and RAID is not a backup, but exporting a log structured filesystem (and with snapshots enabled) on a RAID means that you can do most recovery operations without going to traditional backups. You still need the traditional backups for archival and disaster recovery scenarios, though, including the case of losing more disks than your RAID has redundancy (at whatever level).

        Does that help?

        --
        The two most common elements in the universe are hydrogen and stupidity.
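Steps 2 through 4 of the recovery procedure above, as an added Python example that is neither the commenter's nor FreeNAS's tooling. It parses the snapshot listing, walks the snapshots newest to oldest and picks the first one in which a sample of files still carries its expected file header (encrypted output does not), then emits the stop-share, rollback and start-share commands, dry-run by default. Assumptions: snapshots are listed with `zfs list -H -p -t snapshot -o name,creation -s creation <dataset>`, the dataset is mounted with the usual hidden `.zfs/snapshot/<name>` directory, and `service samba_server stop`/`start` controls the CIFS service (the FreeBSD rc script name; substitute your own). The header table, dataset names and the directory tree built in `demo()` are constructed.

```python
"""Pick the last clean ZFS snapshot and plan the share rollback (added example)."""
import subprocess
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Leading bytes that encrypted output will not preserve (constructed table; extend as needed)
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF"}


def parse_snapshot_listing(text):
    """Parse tab-separated `zfs list -H -p` output into (name, creation) pairs, oldest first."""
    snaps = []
    for line in text.splitlines():
        if line.strip():
            name, created = line.split("\t")
            snaps.append((name, datetime.fromtimestamp(int(created), tz=timezone.utc)))
    return sorted(snaps, key=lambda s: s[1])


def snapshot_is_clean(mountpoint, snapshot, sample_files):
    """True if every sampled file inside the snapshot still starts with its expected header."""
    root = Path(mountpoint) / ".zfs" / "snapshot" / snapshot.split("@", 1)[1]
    for rel in sample_files:
        path = root / rel
        magic = MAGIC.get(path.suffix.lower())
        if magic is None:
            continue  # no known header for this type, nothing to check
        if not path.is_file() or not path.read_bytes()[:len(magic)].startswith(magic):
            return False
    return True


def pick_rollback_target(snapshots, mountpoint, sample_files):
    """Newest snapshot whose sampled files are intact, or None if every snapshot is damaged."""
    for name, _created in reversed(snapshots):
        if snapshot_is_clean(mountpoint, name, sample_files):
            return name
    return None


def recovery_plan(dataset, target,
                  stop_share=("service", "samba_server", "stop"),
                  start_share=("service", "samba_server", "start")):
    """Commands for steps 2-4: stop the share, roll the dataset back, bring the share up."""
    if target is None:
        raise ValueError(f"no clean snapshot of {dataset}; fall back to traditional backups")
    return [
        list(stop_share),
        ["zfs", "rollback", "-r", target],  # -r discards every snapshot newer than the target
        list(start_share),
    ]


def run_plan(plan, dry_run=True):
    """Print each command; execute only when dry_run is False."""
    for cmd in plan:
        print(" ".join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=True)


def demo():
    """Constructed tree standing in for a mounted dataset's .zfs/snapshot directory."""
    mountpoint = Path(tempfile.mkdtemp())
    listing = ("tank/media@auto-1\t1446120000\n"
               "tank/media@auto-2\t1446120300\n"
               "tank/media@auto-3\t1446120600\n")
    for short, intact in (("auto-1", True), ("auto-2", True), ("auto-3", False)):
        folder = mountpoint / ".zfs" / "snapshot" / short / "2015"
        folder.mkdir(parents=True)
        body = b"\xff\xd8\xff\xe0" + b"\x00" * 32 if intact else b"\x13\x37" * 18
        (folder / "trip.jpg").write_bytes(body)  # auto-3 holds the encrypted copy
    snaps = parse_snapshot_listing(listing)
    target = pick_rollback_target(snaps, mountpoint, ["2015/trip.jpg"])
    return target, recovery_plan("tank/media", target)


if __name__ == "__main__":
    chosen, plan = demo()
    print("rollback target:", chosen)
    run_plan(plan)  # dry run: prints the commands only
```

Two caveats worth keeping in the runbook: `zfs rollback -r` destroys every snapshot newer than the target, so if the encrypted state is wanted for analysis, `zfs send` the newest snapshot to another pool before rolling back; and the header check is a sample, not proof, so pick files from several folders so that an encryption run that was only partway through the share is still caught.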
        • (Score: 2) by Hyperturtle on Friday October 30 2015, @05:19PM

          by Hyperturtle (2824) on Friday October 30 2015, @05:19PM (#256552)

          Yes indeedy!

          My goal really was to provide for posterity a description from someone like you (and me) that having a network share to store backups on doesn't mean it's a backup -- it means it's another copy.

          People mistake raid for backups, and copies for backups, and indeed a raid can host copies of backups, and you can backup copies onto a raid, and if you have a raid 10, you have a parity copy hardware backup of those drives in raid 0 and... I didn't think you made the mistake.

          I had a day of dealing with stupid, so please pardon if I stooped to an uninformative level. I would mod your reply informative, but I wanted to let you know that I see you answered my question and it is informative.

          Lots of people out there, despite all the drum beating, do not get it, and other people still beat the drum at the whiff of others not getting it.

          (my replying again doesn't win us points, though, but at least I am happy, right? well if that's not so good--think of all the posterity you helped!)

  • (Score: 2) by richtopia on Thursday October 29 2015, @03:32PM

    by richtopia (3160) on Thursday October 29 2015, @03:32PM (#256067) Homepage Journal

    After spinning my own for years I've moved to just using SpiderOak for most of my backup needs. I think their terabyte plan is 15USD a month, and you can usually find discounts. Even compared to the price of a raspberry pi and a USB 1TB drive that is relatively comparable, and a lot less headache/more reliable.