There is a particularly devious type of malicious software that locks users out of their own computer systems until an individual agrees to pay a ransom to the hackers. In these cases, the FBI has surprisingly suggested just ponying up the dough.
It's not the type of advice one would typically expected from the FBI, but that's exactly what was recommended by Joseph Bonavolonta, the assistant special agent in charge of the FBI's CYBER and Counterintelligence Program Boston office.
"The ransomware is that good," said Bonavolonta at the 2015 Cyber Security Summit in Boston, as quoted by Security Ledger. "To be honest, we often advise people just to pay the ransom."
Yeah, it's RT, but I did a search, and that or similar headlines popped up on dozens of news sites. I clicked a couple of them, and the stories match. Try this one,
https://thehackernews.com/2015/10/fbi-ransomware-malware.html
Personally, I can almost certainly afford to nuke and reinstall, unless they get my RAID array. Then - I'd have to think hard.
(Score: 3, Insightful) by darkfeline on Friday October 30 2015, @12:17AM
>And, no, I don't have a full backup of my RAID. I would have to purchase a few hard drives to do that, along with an NAS of some type. Or, purchase space on some server in the cloud. I'm not a fan of the cloud though.
>The good news is - only one user has r/w access to the RAID. All other users have read access only.
This is a facepalm-worthy setup. Okay, you don't have a backup. There's a user with direct write access. If that user gets compromised (stuff happens), you're screwed. If YOU make a mistake (rm -rf /home /bob/tmp), you're screwed. If ANY non-hardware-failure-related error happens (including if an HDD microcontroller loses its sanity), you're screwed (cosmic rays are a thing, however rare they are).
There's a reason you should make backups, and there's a reason that "RAID is not a backup". I'm not sure whether I should pray that you learn this lesson the hard way--better sooner than later?
Join the SDF Public Access UNIX System today!
(Score: 2) by Runaway1956 on Friday October 30 2015, @07:38AM
LOL - I've learned the lesson, really.
Another poster mentioned cost. Not everyone can afford a home server. I can't, really, but I have one anyway. In fact, my workstation is on the server, because my most recently purchased workstation kinda crapped out.
In all honesty, I suppose that I have "backups". JBOD - disks that I've collected over the years. Some purchased from retail vendors, and many more recovered from machines that have been parted out. My months old RAID has absorbed the data from the JBOD, and now those disks reside in a couple of cardboard boxes. If the RAID dies unexpectedly, I could recover all of it. Just as I could, in theory, recover all the data that was backed up years ago on floppy disks and later CD's.
This RAID that I'm so proud of right now was my summer project. Maybe this winter, I'll spend the bucks, and build an actual backup system. Or, I may put it off til next summer.
As for off-site backups - I'll probably never get around to that. Or, maybe I'll eventually make an encrypted volume, add those files and folders that I consider most important, then put that volume in the cloud. I would never consider using the cloud for backup if the provider holds the encryption keys. That will never happen - we've seen how easily some of those providers have been compromised.
Ehhh - life is risk, and risk is life. The only data that is essential to me, resides in my head anyway. I can recover and/or rebuild everything else after a catastrophic loss. It would be a major inconvenience to do so, but it could be done.